FUD Part 2 – 3DES vs SSL

Nothing like the smell of FUD in the morning 🙂

After my post about the Fear Uncertainty and Doubt (FUD) being spread by some competitors around incoming firewall ports - there is some new FUD to deal with.

Some organisations are claiming that our solution is not secure because we use SSL, whereas they use 3DES.

This isn't really an accurate comparison as it's like comparing a boat with a car.

3DES is a type of encryption cipher (156 bit) and SSL is a secure channel of communication.

Windows Mobile uses SSL with the RC4 cipher (128-bit). This is the web standard for the most secure internet-based communication between two entities (even used in online banking).

Most use SSL or TLS with RC4 encryption today. Cracking a 128-bit key by exhaustive key search would take 5.4 x 10^18 years at 100 billion decryptions per second.

Within Windows Mobile we can use 3DES as the cipher if you wish: all you have to do is enforce the group policy setting for FIPS compliance on the Exchange Front End, and it will use 3DES encryption over Exchange ActiveSync as well.
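The channel-versus-cipher distinction, as an added example (not code from the original post or from any Microsoft product): a sketch of how an SSL/TLS server picks one cipher suite from the client's offer, and how a FIPS-only policy changes the outcome. The suite code points are the real IANA values; the client offers, the server preference order and the `fips_only` flag are constructed assumptions, not the actual Windows Mobile or Exchange configuration.

```python
import struct

# Real IANA cipher-suite code points -> (name, uses only FIPS-approved algorithms)
SUITES = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", False),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", False),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", True),
}

def parse_offer(vector):
    """Decode a ClientHello cipher_suites vector: 2-byte length, then 2-byte IDs."""
    if len(vector) < 2:
        raise ValueError("truncated cipher_suites vector")
    (length,) = struct.unpack("!H", vector[:2])
    body = vector[2:]
    if length != len(body) or length % 2:
        raise ValueError("bad cipher_suites length")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(0, length, 2)]

def select_suite(offer, server_pref, fips_only=False):
    """Return the first suite in server preference order that the client
    offered and the policy allows, or None (the handshake would fail)."""
    offered = set(offer)
    for suite in server_pref:
        if suite not in offered or suite not in SUITES:
            continue
        name, fips_ok = SUITES[suite]
        if fips_only and not fips_ok:
            continue  # policy removes RC4/MD5 suites from consideration
        return name
    return None

# Constructed sample data (assumptions, not captured traffic).
CLIENT_OFFER = bytes.fromhex("0006" "0004" "0005" "000a")  # RC4-MD5, RC4-SHA, 3DES
RC4_ONLY_OFFER = bytes.fromhex("0004" "0004" "0005")       # client without 3DES
SERVER_PREF = [0x0004, 0x0005, 0x000A]                     # hypothetical server order

if __name__ == "__main__":
    for label, raw in (("full offer", CLIENT_OFFER), ("RC4 only", RC4_ONLY_OFFER)):
        offer = parse_offer(raw)
        print(label, "default:", select_suite(offer, SERVER_PREF))
        print(label, "FIPS   :", select_suite(offer, SERVER_PREF, fips_only=True))
```

The same SSL channel ends up with RC4 or 3DES depending only on policy, and a client that offers no approved suite gets no connection at all under the FIPS setting.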


Comments (6)
  1. Adam says:

    What about AES?  More interestingly to me, what about PGP or S/MIME to the phone, so that I can encrypt my email as it comes in to my mail server, and then forward the encrypted message to my phone, and not worry about my carrier or other over the air issues?

  2. MSDN Archive says:

    Adam, we support S/MIME in SP2 and MSFP so you can use that if you wish.

  3. Nino.Mobile says:


    Software / Hardware 

    infoSync World has a review of the Samsung SGH-i300 (you know,…

  4. Adam says:

    Jason–cool!  (Is that WM5 only, or is it available for 2003?)

  5. MSDN Archive says:

    Adam – No, that’s WM5, not 2003.

  6. You say that RC4 is "the most secure" encryption algorithm. I’m afraid that is not true. AES or even 3DES are much harder to crack.

    Does Windows Mobile support 3DES only with Exchange Activesync? The SSL protocol is perfectly capable of negotiating which algorithms to use, RC4 or 3DES. So in my opinion 3DES should work with HTTPS as well.
