Up to 18 percent of servers using SSL (Secure Sockets Layer) encryption technology are potentially vulnerable to hackers, with the problem being far more pronounced in the UK than in the US, according to the latest monthly survey of web server usage conducted by Netcraft.
SSL is a common protocol for managing the security of message transmission on the internet. Browser-based SSL technology is most secure if the server's public key, used to guarantee the authenticity of a transaction, is at least 1024 bits long.
The use of shorter keys makes it easier for hackers to break the key and impersonate the server, according to the Bath-based company.
In a survey posted on its website, Netcraft revealed that about 60 percent of all websites using SSL technology are based in the US, of which approximately 15.1 percent are using short keys.
In the UK, however, more than one in four SSL sites are using the shorter keys.
"Because it is not obvious to the end user what a server's choice of cryptography is or how many bits are being used in a website's SSL encryption key, there is little pressure from end users to improve such security," the survey reads.
Currently, lock symbols are displayed in browser windows during SSL sessions to indicate that a site is secure, no matter what the length of the key is.
Netcraft suggests that browser developers could help improve future security by displaying a graded indication of key length.