# Becareful w/ Paypal, SSL down to only 40 bits



## southernflounder (Nov 5, 2006)

I tried to place an order for some ferts from Greg Watson site and the checkout cart was linked to the Paypal site w/ an encription of only 40 SSL bits. I then went directly to Paypal's site and again it's only at 40 bits. 

Something is not right here b/c it is always at the max of 128 SSL. Either Paypal is being hacked or something is down on their system so becareful when you enter your user ID and PW. 

I'm not going to enter any personal info until the SSL is raised to 128 bits.

BTW 40 bits SSL can be hacked & is not secured enough.


----------



## Bert H (Mar 2, 2004)

For those of us (myself) who are computer idiots, what does that mean, and where do you see that info?


----------



## nswhite (Aug 25, 2006)

Ya, i would also like to know where you see this info please.


----------



## southernflounder (Nov 5, 2006)

OK they fixed the problem. Probably was a security maintenance late last night. When you go to their site put the mouse's cursor over the lock pad on the bottom of the screen and it will tell you how safe it is, either no security, minimal (40 bits) or max (128 bits).


----------



## JanS (Apr 14, 2004)

Thanks for the head up on that. I wonder how long it's been like that, since I paid for a few things using Paypal over the weekend.

I think you can find the SSL info by right clicking on the little lock icon when you're on a secure page.
I get automatic warnings if it has dropped too low or if there's another problem with the encryption (from my browser, I think), but I'm sure that's not fool-proof either.


----------



## Bert H (Mar 2, 2004)

Thanks for the info, I didn't know that.


----------



## hoppycalif (Apr 7, 2005)

As I understand it, the more bits used in the security key the more possible combinations there are, so the more effort is required to break the security key code. The number of combinations goes up exponentially, so going from 40 to 128 bits represents going from possible to virtually impossible to hack. At one time the feds refused to allow anyone to use 128 bit encryption because of the difficulties it would cause them in spying on people!


----------



## aquaboy (May 26, 2005)

Thanks gud to know this!

-Brian


----------



## nswhite (Aug 25, 2006)

Very good information to know. Thanks everyone for explaning.


----------



## Roy Deki (Apr 7, 2004)

Man that is good info, since I shop online alot. I never placed my cursor of the pad-lock before and now i'll always do it.

Thank you!!


----------



## goalcreas (Nov 20, 2006)

Here, Here!
thanks for the heads up and information, I have learned something today, it has been a good day.


----------



## southernflounder (Nov 5, 2006)

hoppycalif said:


> As I understand it, the more bits used in the security key the more possible combinations there are, so the more effort is required to break the security key code. The number of combinations goes up exponentially, so going from 40 to 128 bits represents going from possible to virtually impossible to hack. At one time the feds refused to allow anyone to use 128 bit encryption because of the difficulties it would cause them in spying on people!


Very good Hoppy, you know your stuff. In the mid to late 90's the 40 bits encription code was broken by a French guy, it took him 5 days to crack it. Later on the feds let only the U.S. use 128 SSL fearing that if used outside the states it will help the terrorist but now I think anyone can use it.


----------



## TNguyen (Mar 20, 2005)

Since we are on this subject. I beleive another way to verify if the site is secure is to look at the address bar on your web browser. If you see an "s" after http"s" then the site is secure. Go to www.paypal.com to see.

Thanh


----------



## hoppycalif (Apr 7, 2005)

TNguyen said:


> Since we are on this subject. I beleive another way to verify if the site is secure is to look at the address bar on your web browser. If you see an "s" after http"s" then the site is secure. Go to www.paypal.com to see.
> 
> Thanh


It is now 256 bit encryption! I suppose that means there aren't enough days left before the sun becomes a red giant to break that code.


----------



## Burks (May 25, 2006)

Yes I've heard 256 is becoming more popular with the increase in hacker skills. How widespread the usage of 256 is I do not know.

eBay (surprised?) now has 256 as well. Not sure if this is new with the PayPal upgrade or not.


----------

