There are a great many strong encryption algorithms, and a lot of effort has gone into cracking them. The most common method is called ‘brute force’, and involves searching through all possible keys, of length 1 to ‘x’. If the length of the key is known to be 8 bits, the number of possibilities is 28 (256). A PC needs less than 10 seconds to work through all possibilities. If the length of the key is increased to 40 bits, there are 240 possible keys, and it now takes several months to find the key. It is not impossible to find the key, but the expense involved probably exceeds the value of the protected data. It is self evident that a system is only as strong as its weakest part, and this applies equally to encryption algorithms. In theory, an RSA or RC4 (used in SSL) with a 40 bit encryption key is adequately secure for most purposes. The weak link in the encryption process is the generation of the key. The number of possible keys can be reduced if the hacker analyses the way in which the key is created. A weak key generation procedure can mean that it is possible to crack a strong encryption algorithm in a matter of minutes. This is what happened to SSL in 1995.