>Hi, folks, someone just told me that both Netscape and Microsoft have
>already embeded 128-bit technology in their 40-bit browsers, so we can
>force the transmission of data using 128-bit encryption on the
>server side even when the customers are using 40-bit browsers, can
>anybody confirm to us if this is true or not? Thanks a lot in advance.
You're thinking of Server-Gated Cryptography (SGC). It's present in
all Netscape and IE 4.x and later browsers, and in IE 3.02 if you
install a service pack. To turn it on, you need a special server
certificate (Verisign Global ID) which costs a lot more than a regular
certificate and is subject to cryptographic export regulations.
It's kind of an annoying handout on the government's part, but it's
the simplest way to provide high strength encryption on a web site.
See www.verisign.com (click the "free guide to 128 bit SSL") link
for more info.