Why instance messenger not using SSL technology?

Question

Why instance messenger not using SSL technology?
how to crack SSL within one hour?

Answer 1

IM encryption software (googled it up not sure does it do what it promises):
http://www.secway.fr/us/products/simppro/spec/adv_allim.php
To encrypt IM at your end (to prevent someone from sniffing your traffic from your network or by your ISP):
http://www.iopus.com/ipig/
(last software will route all communication via iPig servers through encrypted tunnel, however communication will be encrypted only half way from your PC to iPig. From iPig to receiver it will go unencrypted).
Generally to have communication encrypted all the way, other end would have to have very same encryption client as you (I know there are ones – just do some googling).

Effective ability to break encryption (not cracking really but rather manipulation of LAN traffic and certificates) is available only from LAN (as when you use unsecured or compromised wireless connection or some public network like: school, work, hotel, WiFI hot spot etc) with help of “APR poisoning” and “man in the middle attack”. Still it is not possible to do it totally stealthily (at least to my knowledge) – browser usually will display warnings about expired or invalid certificates.

Answer 2

First off, it's called INSTANT messaging, not INSTANCE messaging.

It generally doesn't use SSL for cost and performance reasons. SSL certs cost money and eat up a lot of server-side processing power handling the encryption and decryption.

Free, public IM systems (Yahoo & MSN Messenger, for example) don't use SSL for that reason. Private enterprise-class IM systems DO use support SSL and most companies that use them self-publish their own certs and do encrypt their IM systems.

You won't crack SSL in an hour unless the site is using 40-bit certs. 128-bit or larger certs are uncrackable with today's technology.