Editing 40-bit encryption (section)

==Obsolescence==
All 40-bit and 56-bit encryption algorithms are [[obsolete]], because they are vulnerable to brute force attacks, and therefore cannot be regarded as secure.<ref>{{cite web|last1=University of California at Berkeley Public Information Office|title=The only legally exportable cryptography level is totally insecure; UC Berkeley grad student breaks challenge cipher in hours|url=http://www.berkeley.edu/news/media/releases/97legacy/code.html|publisher=The Regents of the University of California|access-date=2015-12-14|date=1997-01-29|quote=This is the final proof of what we've known for years: 40-bit encryption technology is obsolete.}}</ref><ref>{{cite web|author1=Fitzmaurice, Ellen|author2=Tamaki, Kevin|title=Decoding the Encryption Debate: U.S. export restrictions and 'key recovery' policies are ineffectual as well as burdensome to business|url=https://www.latimes.com/archives/la-xpm-1997-06-01-me-64597-story.html|website=Los  Angeles Times|access-date=2015-12-14|date=1997-06-01|quote=But recent advances in computing technology have rendered 40-bit encryption dangerously weak and export limits commercially obsolete.}}</ref> As a result, virtually all Web browsers now use 128-bit keys, which are considered strong. Most [[Web server]]s will not communicate with a client unless it has 128-bit encryption capability installed on it.

Public/private key pairs used in [[asymmetric encryption]] (public key cryptography), at least those based on prime factorization, must be much longer in order to be secure; see [[key size]] for more details.

As a general rule, modern symmetric encryption algorithms such as [[Advanced Encryption Standard|AES]] use key lengths of 128, 192 and 256 bits.