SECURITY FAQ
(Frequently Asked Questions)

Q: How is my order handled?

Our on line form sends it's information through a secure server to The Santa Fe Balloon Company.

If you wish to verify this information, look at the bottom of your browser. There should be a lock or key at the bottom. By clicking on that icon, you will have a screen that comes up with security information about the page. It will say that the page is not secured. However, the program that the information is sent to is secure. You can see that a site (any site) is secure by looking for the https at the front of the URL. The http with the s means that a transaction is via a secure, encrypted web server.

Q: How secure is the encryption used by SSL?

SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key so that if someone manages to decrypt a transaction, that does not mean that they've found the server's secret key; if they want to decrypt another transaction, they'll need to spend as much time and effort on the second transaction as they did on the first.

Netscape servers and browsers do encryption using either a 40-bit secret key or a 128-bit secret key. Many people feel that using a 40-bit key is insecure because it's vulnerable to a "brute force" attack (trying each of the 2^40 possible keys until you find the one that decrypts the message). Using a 128-bit key eliminates this problem because there are 2^128 instead of 2^40 possible keys. Unfortunately, most Netscape users have browsers that support only 40-bit secret keys. This is because of legal restrictions on the encryption software that can be exported from the United States (The Federal Government has recently modified this policy on following the well-publicized cracking of a Netscape message encrypted using a 40-bit key. Expect this situation to change).

In Netscape you can tell what kind of encryption is in use for a particular document by looking at the "document" information" screen accessible from the file menu. The little key in the lower left-hand corner of the Netscape window also indicates this information. A solid key with two teeth means 128-bit encryption, a solid key with one tooth means 40-bit encryption, and a broken key means no encryption. Even if your browser supports 128-bit encryption, it may use 40-bit encryption when talking to older Netscape servers or Netscape servers outside the U.S. and Canada.

Q: My Netscape browser is displaying a form for ordering merchandise from a department store that I trust. The little key at the lower left-hand corner of the Netscape window is solid and has two teeth. This means I can safely submit my credit card number, right?

Not quite. A solid key with two teeth appears indicates that SSL is being used with a 128-bit secret key and that the remote host owns a valid server certificate that was certified by some authority that Netscape recognizes. At this point, however, you don't know who that certificate belongs to. It's possible that someone has bought or stolen a server certificate and then diverted network traffic destined for the department store by subverting a router somewhere between you and the store. The only way to make sure that you're talking to the company you think you're talking to is to open up the "Document Information" window (from the File menu) and examine the server certificate. If the host and organization names that appear there match the company you expect, then you're probably safe to submit the form. If something unexpected appears there (like "Embezzlers R Us") you might want to call the department store's 800 number.

Q: Yes, all that is fine, but what about your software? Won't the number stick around on the disk forever?

The SSL encryption will take care of network transmission. But we don't want to make it easy for just anybody, even those with access to our system, to view your number. The number is encrypted before ever being written to a file.

First of all, after you enter your number, it is kept in memory only until until it is encrypted. At that time, it is scrubbed from the program's memory. The now-encrypted card number (with the password only known to our order entry personnel) is then written to a file with permissions set so only the program can get at it.

And the program will never send even the encrypted number via the network, only write it to disk.

Your expiration date is also encrypted.

After the number is written, if you actually place the order, the order information will be saved in that file only until we process your order with our ordering system, usually the same or next business day. At that time, the encrypted number will be overwritten with data, to make sure it is wiped from the disk, then the order information deleted.