Scrambling your secrets with encryption

Question: I want to register a shareware program online, using a secure Web site. Is it really secure to send credit card information? How does one know it is secure?

-- S.H.

Answer: The secret to Internet shopping security lies in the bottom left-hand corner of an Internet browser.

There's a little icon there that indicates the status of the Web page being browsed.

On Netscape Navigator 4.0 you'll see a padlock. If it's in the locked position the page is secure. On earlier versions you might see a full key (secure) or broken key (unsecure).

In Microsoft Internet Explorer 3.01 and later versions a closed padlock appears when a site is secure.

But before you plow ahead, it's important to understand what "secure" means. That requires a brief visit into the geek zone. So propellers on, please.

When a Web browser connects to a Web server, where Web sites are stored, text is sent back and forth across the public Internet for everyone to see -- should they be looking.

It's about as secure as sending a postcard to your Aunt Millie. Anyone who looks as it travels between Jamaica and Hinton, Alberta, knows instantly that you're having a fabulous time and that you're sunburned. It's not so great if the card includes information about where your house key is hidden.

One way to keep information secret is to use encryption to hide the message. In the Internet world you'd encrypt or scramble the message using a Netscape invention called SSL or Secure Sockets Layer. That's a protocol which is built into Web browsers and is used to get information unmolested across the Internet.

Web pages that require an SSL connection start with https:// instead of http://. That's another clue that you have a secure connection.

SSL protects your personal data by using electronic keys: one used by the sender, the other by the recipient of the data.

Think of it in real-world terms. Bob has a secret he wants to send to Alice. He puts it in a strong box, locks it with a key and sends it to Alice. When she receives it she uses a copy of the key to unlock it and get the secret out.

That's a simplified example of what's called symmetrical encryption.

In Internet terms, any data can be encrypted by running it through a mathematical process which is controlled by a key which is an electronic number. In symmetrical encryption, the same key number is used to encrypt (or lock) and decrypt (or unlock) the data at either end of the transaction.

If the key number is any number from 0 to 9, it takes 10 guesses to figure out which one was used. If it's any number between 0 and 999,999,999, it takes a little longer. And that's the essence of encryption.

"By making the key number very long, this means that the only way of decrypting the ciphertext successfully, without knowing the key, is by trying a lot of possible keys until the correct one is found," explains Robin Whittle in his cryptography tutorial at http://www.ozemail.com.au/~firstpr/crypto/.

This can take a long time. And the longer it takes and the more it costs to hack a code, the less likely a bad guy will bother.

There's a problem with symmetrical encryption though. How does the sender tell the recipient which number to use to unlock it, without exposing the number to being discovered by a third party?

One method is by using public key encryption.

In this encryption method there are two keys that are created using a similar mathematical process.

One is a public key, which can freely be given to anyone that asks. The other is a private key kept secret by the recipient. The public key is used to lock the "box." The private key is used to unlock the box.

Conversely, a secret locked with the private key can only be unlocked with the public key. This is useful because if Bob locks with his private key, when Alice opens the secret with the public key she knows it must have been from Bob because only he has the private key.

SSL uses both symmetrical and asymmetrical encryption together as well as a variety of other technologies to exchange data between two parties securely.

The latest browsers use either a 40-bit or 128-bit symmetrical key. Banks require the 128-bit version for online transactions.

If you use a browser that supports 40-bit technology and the server at the other end isn't happy with that level of security, it will refuse the transaction.

If a 128-bit key is used for symmetrical encryption, it gives approximately 340,282,266,900,000,000,000,000,000,000,000,000,000 possible keys to encrypt the data with, writes Whittle. "If each such key was written on a piece of paper, then the stack of paper would be about 3,400 million billion light years high. I think the known extent of the universe is about one-hundred-millionth of this distance."

So is it safe to send your credit card over the Net? No. Even with numbers like the big one above, there's always a risk. The data may safely travel to the vendor's server, which could then get hacked.

Netscape's own 128-bit technology was hacked by researchers in a shorter time than expected. It was a result of human error. The original implementation was only capable of producing a tiny part of the possible key range. It's since been fixed.

The interesting angle on all this security business is that we wonder about Internet credit security and yet we're quite happy to call up the local pizza joint and give out our number over the phone, or worse, over an unsecure cordless phone.

The decision is yours to make. I think the Internet is safe enough, so I use my credit cards across the Net. I even bought a laptop that way recently.

For those who want more information, check out Netscape's Web site. They have a good reference at http://home.netscape.com/newsref/ref/rsa.html. RSA has a geek page at http://www.rsa.com/html/webmasterfaq.html, and also look at PC Webopedia's great definition and links list at http://webopedia.internet.com/TERM/e/encryption.html.
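
The column's description of public and private keys working alongside a symmetrical key can be traced in code. This is an added example, not part of the original column and not SSL's actual algorithms: it assumes a constructed toy key pair (textbook RSA on small primes, no padding) and a toy SHA-256 stream cipher, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy key pair: textbook RSA on two small Mersenne primes, no padding.
# Far too small for real use; it only shows which key does which job.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                      # public key: given to anyone who asks
D = pow(E, -1, (P - 1) * (Q - 1))        # private key: never leaves the recipient

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric step: the same key locks and unlocks (toy SHA-256 stream)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def sender_seal(message: bytes, n: int, e: int):
    """Lock a fresh symmetric key with the public key, then lock the data with it."""
    session_key = secrets.token_bytes(8)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, message)

def recipient_open(wrapped: int, ciphertext: bytes, d: int, n: int) -> bytes:
    """Only the private key recovers the symmetric key that unlocks the data."""
    session_key = pow(wrapped, d, n).to_bytes(8, "big")
    return keystream_xor(session_key, ciphertext)

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest()[:8], "big")

def sign(message: bytes, d: int, n: int) -> int:
    """Lock with the private key, so anyone can check who sent it."""
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, e: int, n: int) -> bool:
    return pow(signature, e, n) == digest_int(message)

if __name__ == "__main__":
    secret = b"constructed sample: card ending 0000"
    wrapped, ciphertext = sender_seal(secret, N, E)
    print(recipient_open(wrapped, ciphertext, D, N))
    print(verify(secret, sign(secret, D, N), E, N))
```

The symmetric key never crosses the wire in the clear, which is how the key-distribution problem raised earlier in the column is avoided.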

E-mail: queries@cyberwalker.com
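
The column's points about key length (10 guesses versus billions, 40-bit versus 128-bit) and about an implementation that could only produce a tiny part of the key range can be measured side by side. This is an added example, not from the original column: `weak_keygen` is a hypothetical flawed generator (not Netscape's code), and the guessing speed is an assumed figure used only for comparison.

```python
import math
import random

GUESSES_PER_SECOND = 1e9                 # assumed speed, for comparison only
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def years_to_exhaust(bits: float) -> float:
    """Worst-case time to try every key in a key space of 2**bits keys."""
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR

def weak_keygen(seed: int) -> int:
    """Hypothetical flaw: a 128-bit key fully determined by a small seed."""
    return random.Random(seed).getrandbits(128)

def effective_bits(keygen, seed_space: int) -> float:
    """log2 of the number of distinct keys the generator can ever emit."""
    distinct = {keygen(seed) for seed in range(seed_space)}
    return math.log2(len(distinct))

def compare() -> dict:
    """Years to exhaust each key space; the last key is 128 bits long on paper."""
    flawed = effective_bits(weak_keygen, 2 ** 16)
    return {
        "40-bit key": years_to_exhaust(40),
        "128-bit key": years_to_exhaust(128),
        "128-bit key, 16-bit seed": years_to_exhaust(flawed),
    }

if __name__ == "__main__":
    for label, years in compare().items():
        print(f"{label:26s} {years:.3e} years")
```

The key from the flawed generator is 128 bits long but falls faster than an honest 40-bit key, so when reviewing a key generator the entropy of the seed is the number to check, not the length of the key.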
