Server gated cryptography
Encyclopedia
Server Gated Cryptography (SGC) was created in response to United States federal legislation on the export of strong cryptography
in the 1990s.
The legislation had limited encryption
to weak algorithm
s and shorter key lengths if used in software outside of the United States of America
. As the legislation included an exception for financial transactions, SGC was created as an extension to SSL, with SGC certificates only issued to financial organisations.
This legislation has since been revoked and SGC certificates can now be issued to any organisation.
Today, SGC certificates are widely considered to be obsolete, as browsers requiring enhanced encryption capabilities are all but extinct, and many parties contend that facilitating the use of older, insecure browsers creates more security concerns than it remedies. However, many certificate authorities continue to charge a premium for this kind of certificate.
When an SSL handshake takes place, the software (e.g. a web browser
) would list the cipher
s that it supports. Although the weaker exported browsers would only include weaker ciphers in its SSL handshake, the browser did also contain stronger cryptography algorithms.
Internet Explorer
used SGC with 40-bit and 128-bit encryption starting with patched versions of Internet Explorer 3
, version 4
, and version 5+
.
Export of cryptography
The export of cryptography in the United States is the transfer from the United States to another country of devices and technology related to cryptography....
in the 1990s.
The legislation had limited encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
to weak algorithm
Algorithm
In mathematics and computer science, an algorithm is an effective method expressed as a finite list of well-defined instructions for calculating a function. Algorithms are used for calculation, data processing, and automated reasoning...
s and shorter key lengths if used in software outside of the United States of America
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
. As the legislation included an exception for financial transactions, SGC was created as an extension to SSL, with SGC certificates only issued to financial organisations.
This legislation has since been revoked and SGC certificates can now be issued to any organisation.
Today, SGC certificates are widely considered to be obsolete, as browsers requiring enhanced encryption capabilities are all but extinct, and many parties contend that facilitating the use of older, insecure browsers creates more security concerns than it remedies. However, many certificate authorities continue to charge a premium for this kind of certificate.
When an SSL handshake takes place, the software (e.g. a web browser
Web browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...
) would list the cipher
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...
s that it supports. Although the weaker exported browsers would only include weaker ciphers in its SSL handshake, the browser did also contain stronger cryptography algorithms.
Internet Explorer
Internet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...
used SGC with 40-bit and 128-bit encryption starting with patched versions of Internet Explorer 3
Internet Explorer 3
Microsoft Internet Explorer 3 is a graphical web browser released on August 13, 1996 by Microsoft for Microsoft Windows and on January 8, 1997 for Apple Mac OS . It began serious competition against Netscape Navigator in the first Browser war...
, version 4
Internet Explorer 4
Microsoft Internet Explorer 4 is a graphical web browser released in September 1997 by Microsoft, primarily for Microsoft Windows, but also with versions available for Apple Mac OS, Solaris, and HP-UX and marketed as "The Web the Way You Want It".It was one of the main participants of the first...
, and version 5+
Internet Explorer 5
Microsoft Internet Explorer 5 was a graphical web browser released in March 1999 by Microsoft, primarily for Microsoft Windows, but initially with versions available for Apple Macintosh, Sun Solaris, and HP-UX. It was one of the main participants of the first browser war...
.