I love the fact that we can turn on SSL encryption on the server to secure information between the server and the client, but how good is this encryption? Would it be on par with creating a VPN using SSL for security purposes ? and are there any known vulnerabilities with SSL that would comprimise the information.

It's TripleDES with HMAC-SHA1 as the integrity checker. TripleDES is generally held to be strong encryption. It is not as strong as AES; but it is still held to be strong encryption.

HTH

Steven

Thats great to know, thanks Steve.

Hi Steven, This is just a question I was asked and thought of you as someone that could answer it. I was asked "does Filemaker meet the federal encryption standard?" Based on the SSL (TripleDES with HMAC-SHA1) I would assume the answer is yes. Could you expand on this for me please.

Thanks, Ron

the federal encryption standard?

Which is what? There are a number of these for various agencies and uses. Some are actually classified.

Steven

In other words is the SSL Triple DES encryption still considered a strong enough encryption with AES available. I've read that AES is the federal standard for encryption even though Triple DES has yet to actually be comprimised. Just in case I’m asked this question I was looking for any input you may add. I work strictly in the law enforcement community and it seems to me that the security with the FM is quite adequate. Any input would be greatly appreciated.

There is no signle Federal standard. NIST 800-53 talks a lot about security within the Federal Government, but, for example, the DOD and Intelligence communities have their own standards that are actually classified.

TripleDES is considered strong encryption. So is AES. And there is now an effort underway--or there will be shortly--to develop a new standard.

It's an arms race.

Steven

Thanks again Steve, you're a wealth of informaton. Much appreciated!