Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

SSL encryption question

Sergeant Ron
 Share

This topic is 6454 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Sergeant Ron Collaborator

Sergeant Ron

Posted
Posted

I love the fact that we can turn on SSL encryption on the server to secure information between the server and the client, but how good is this encryption? Would it be on par with creating a VPN using SSL for security purposes ? and are there any known vulnerabilities with SSL that would comprimise the information.

Steven H. Blackwell Grand Master

Steven H. Blackwell

Posted
Posted

It's TripleDES with HMAC-SHA1 as the integrity checker. TripleDES is generally held to be strong encryption. It is not as strong as AES; but it is still held to be strong encryption.

HTH

Steven

  • 4 months later...
Sergeant Ron Collaborator

Sergeant Ron

Posted
  • Author
Posted

Hi Steven, This is just a question I was asked and thought of you as someone that could answer it. I was asked "does Filemaker meet the federal encryption standard?" Based on the SSL (TripleDES with HMAC-SHA1) I would assume the answer is yes. Could you expand on this for me please.

Thanks, Ron

Sergeant Ron Collaborator

Sergeant Ron

Posted
  • Author
Posted

In other words is the SSL Triple DES encryption still considered a strong enough encryption with AES available. I've read that AES is the federal standard for encryption even though Triple DES has yet to actually be comprimised. Just in case I’m asked this question I was looking for any input you may add. I work strictly in the law enforcement community and it seems to me that the security with the FM is quite adequate. Any input would be greatly appreciated.

Steven H. Blackwell Grand Master

Steven H. Blackwell

Posted
Posted

There is no signle Federal standard. NIST 800-53 talks a lot about security within the Federal Government, but, for example, the DOD and Intelligence communities have their own standards that are actually classified.

TripleDES is considered strong encryption. So is AES. And there is now an effort underway--or there will be shortly--to develop a new standard.

It's an arms race.

Steven

This topic is 6454 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept