FUD Part 2 - 3DES vs SSL

Nothing like the smell of FUD in the morning :)

After my post about the Fear, Uncertainty and Doubt (FUD) being spread by some competitors around incoming firewall ports, there is some new FUD to deal with.

Some organisations are claiming that our solution is not secure because we use SSL, whereas they use 3DES.

This isn't really an accurate comparison as it's like comparing a boat with a car.

3DES is an encryption cipher (156 bit), whereas SSL is a secure channel of communication that uses a cipher to protect the traffic it carries.

Windows Mobile uses SSL with the RC4 cipher (128 bit). This is the web standard for the most secure internet-based communication between two entities (it is even used in online banking).

Most use SSL or TLS with RC4 encryption today. Cracking a 128 bit key by exhaustive key search would take 5.4 x 10^18 years at 100 billion decryptions per second.

Windows Mobile can also use 3DES as the cipher if you wish: all you have to do is enforce the group policy setting for FIPS compliance on the Exchange Front End, and 3DES encryption will be used over Exchange ActiveSync as well.