As part of our continuous drive to provide the highest levels of security for our shared premium hosting customers, we are delighted to announce that ECDSA SSL certificates will be added in the next version of cPanel (version 92).
So what does that mean to you?
We will explain what ECDSA is and how it will benefit you.
What is ECDSA?
The first thing that you need to know is that ECDSA stands for Elliptic Curve Digital Signature Algorithm. This algorithm was proposed way back in 1985. Elliptic curve is the most important part of this. It refers to elliptic curve cryptography (ECC), which uses an elliptical curve and the mathematics behind it to provide the cryptography.
ECDSA works by selecting a number from an elliptical curve and then multiplying this by another number which results in a new point on the curve. Even if a cybercriminal knew the starting number on the elliptical curve, it would be incredibly difficult for them to figure out where the new point is.
This makes ECDSA a lot more complex than the RSA (Rivest Shamir Aldeman) algorithm that is used in most SSL certificates on the Internet. You are probably using an RSA SSL certificate now. The complexity involved with ECDSA means that it is much tougher to crack than RSA. Using ECSDA SSL certificates will make the Internet a safer place.
ECDSA has another advantage over RSA which is scalability and performance. Both of these cryptography algorithms utilize public and private keys, but with ECDSA the keys are of shorter length. The use of ECC technology means that optimal security can be arrived at using keys of shorter lengths.
What is RSA?
RSA is another encryption algorithm that is very widely used for a variety of applications today including SSL certificates for websites. It works by selecting two very large prime numbers and then multiplying them to create a much larger number. This method is known as “prime factorization”.
For a cybercriminal to identify the two prime numbers used in RSA is a real challenge. We do not want you to think that RSA is not secure for a moment. But cracking RS cryptography has happened, although it took a great deal of computing power and time to achieve this.
The RSA encryption algorithm became a standard in 1994 and has really stood the test of time. It is very simple compared with ECDSA, and has withstood a great deal of scrutiny over the years. But there are some drawbacks with it and that is why it is so important that you know about ECDSA.
Why ECDSA over RSA?
At this point you may be wondering why we are so excited about ECDSA SSL certificates being available in the next version of cPanel. After all, RSA has a very good reputation and has been around for a long time.
Well the bottom line here is security. People are more competent at breaking RSA cryptography than they are ECDSA. To break RSA cryptography you need to identify a large number. Over the years we have become better and better at doing this.
If you want to break ECDSA cryptography then you need to figure out logarithmic elliptic curve mathematics. We are not good at doing this. In fact there have not been any significant advancements in cracking elliptic curve cryptography since it was first introduced in 1985.
The most important thing to understand here is that when you use ECDSA you can achieve the equivalent security levels that RSA offers using smaller keys. This is important because there are a number of reasons why smaller keys are preferable over larger keys.
With smaller keys, the algorithms generating the digital signatures are faster because there are smaller numbers to crunch. If you have a smaller public key then certificates reduce in size and you require less data to make a TLS connection. This leads to faster website loading times and connections.
An ECDSA SSL certificate would typically use a 256 bit key (elliptic curve) and this will provide the same level of security as an asymmetric 3,248 bit key. Usually, RSA based SSL certificates are 2048 bits.
You can achieve a lot more signatures per second with an ECDSA SSL certificate. Tests have shown that ECDSA SSL certificates can facilitate more than 9 times the number of signatures per second than an RSA SSL certificate.
Benefits of using ECDSA SSL Certificates over RSA SSL Certificates
To put all of this in perspective for you, here are the main benefits of using an ECSDA SSL certificate over an RSA SSL certificate:
- The level of security is higher – it is much harder to crack ECC cryptography
- Verification and signing processes are a lot faster (up to 40% quicker than RSA)
- SSL certificate sizes are smaller
- Faster loading of websites
- Supports government standards for information protection
The advantages of using ECDSA SSL certificates are clear. A more secure cryptography method and faster processing times are the main takeaways for you. You will soon find that you have access to ECDSA SSL certificates via cPanel with your premium shared hosting.
We at plupslushosting.net are always working hard to improve the security and performance of our premium web hosting services, and ECDSA SSL certificates is a further step in the right direction. Our aim is always that you get the best results from our premium hosting and always feel confident that your websites are secure with us.