Up to 18% of servers using Secure Sockets Layer (SSL) encryption technology for Web site encryption are potentially vulnerable to hackers, according to the latest monthly survey of Web server usage conducted by Netcraft.
The problem is far more pronounced in Europe than in the US, according to the survey.
SSL is a common protocol for managing the security of message transmission on the Internet. Browser-based SSL technology is most secure if the server's public key, used to guarantee the authenticity of a transaction, is at least 1024 bits long.
The use of shorter keys makes it easier for hackers to break the key and impersonate the server, the company said.
Currently, about 60% of all Web sites using the SSL technology are based in the US and approximately 15.1% of those sites are using short keys, Netcraft said.
The proportion of Web sites using potentially vulnerable SSL keys becomes even larger outside of the US, the study found. In France, 41.1% of SSL sites use the shorter keys, followed by 31.9% in Spain and 26.5% in the UK, Netcraft said.
In Canada, 13.5% of SSL Web sites are using short keys, the study said.
Although the US government has eased export restrictions on strong cryptography, earlier restrictions are still having an effect on Net security today, said Netcraft.
"The US export legislation, and locally enacted legislation to restrict the use of cryptography in countries with repressive or eccentric administrations, does still cast a shadow over the security of e-commerce even years after the acts have been repealed," Netcraft said.
Because it is not obvious to the end user what a server's choice of cryptography is or how many bits are being used in a Web site's SSL encryption key, there is little pressure from end users to improve such security, the survey said. Presently, lock symbols are displayed in browser windows during SSL sessions to indicate that a site is secure, no matter what the length of the key is.
Netcraft suggested that browser developers could help improve future security by displaying a graded indication of key length.