Mike Temporale
03-01-2006, 06:00 PM
<div class='os_post_top_link'><a href='http://blogs.msdn.com/jasonlan/archive/2006/02/28/540493.aspx' target='_blank'>http://blogs.msdn.com/jasonlan/archive/2006/02/28/540493.aspx</a><br /><br /></div><i>"...some organisations are claiming that our solution is not secure because we use SSL vs 3DES which they use. This isn't really an accurate comparison as it's like comparing a boat with a car. 3DES is a type of encryption cipher (156 bit) and SSL is a secure channel of communication. Windows Mobile uses SSL with RC4 cipher (128bit). This is the web standard for the most secure internet based communication between two entities (even used in online banking). Most use SSL or TLS with RC4 encryption today. To crack 128 bit key using exhaustive key search, it would take 5.4 x 10^(18) years to crack it doing 100 billion decryptions per second. Within Windows Mobile we can use 3DES as the cipher if you wish - all you have to do is enforce group policy setting for FIPS compliance on the Exchange Front End, it will use 3DES encryption over Exchange Activesync as well."</i><br /><br />Jason Langridge clears the air about the level of security used in Microsoft's push email solution. If you've been thinking about deploying push email, but where worried about secure your messages would be, don't be. All you should be worried about is when your carrier will release MSFP enabling the full solution. :D