Know More About Secure Sockets Layer (SSL)

ENCRYPTION, INTERNET SECURITY
48 Comments

Know More About Secure Sockets Layer (SSL)Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server. Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages. When we see this, we may wonder what’s the difference between http and https.

In simple words, a HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a SECURE communication.

What exactly is a Secure Communication?

Suppose there exists two communicating parties: Say A (client) and B (server).

Working of HTTP:

When A sends a message to B, the message is sent as a plain text in an unencrypted manner. This is acceptable in normal situations where the messages exchanged are not confidential. But, imagine a situation where A sends a PASSWORD to B. In this case, the password is also sent as a plain text. This has a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between A and B , he can easily obtain the PASSWORDS, since they remain unencrypted. This scenario is illustrated using the following diagram:

Working of HTTP

Now let us see the working of HTTPS:

When A sends a PASSWORD (say “mypass“) to B, the message is sent in an encrypted format. The encrypted message is decrypted on B‘s side. So, even if the Hacker manages to gain an unauthorised access to the ongoing communication between A and B he gets only the encrypted password (“xz54p6kd“) and not the original password. This is shown below:

Working of HTTPS

How is HTTPS implemented?

HTTPS is implemented using Secure Sockets Layer (SSL). A website can implement HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the site visitors to trust it. It has the following uses:

  1. An SSL Certificate enables encryption of sensitive information during online transactions.

  2. Each SSL Certificate contains unique and authenticated information about the certificate owner.

  3. A Certificate Authority verifies the identity of the certificate owner when it is issued.

How Encryption Works?

Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption. The public key is made available to every one but the private key(used for decryption) is kept secret. So, during a secure communication, the browser encrypts the message using the public key and sends it to the server. This message is decrypted on the server side using the Private key(Secret key).

How to Identify a Secure Connection?

In the Internet Explorer and most other browser programs like Firefox or Google Chrome, you will see a lock icon Picture of the Lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar. You can click the lock to view the identity of the website.

In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.

So, the bottom line is, whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you have a secure communication. A secure communication is a must in these situations. Otherwise there are chances of a Phishing attack using a fake login page.

I Hope you like the information presented in this article. Please pass your comments.

48 Comments

  1. Slim0123
     January 27, 2009 at 5:22 PM

    Have a look at this:
    How Secure Is Encryption?
    So according to Murphy’s Law, with each moment that passes, the decrease in time to crack the encryption keys, goes up exponentially.
    So sooner or later we feel the need of new security measures that don’t just rely on keys but can give a perfect identity to each person which cannot be faked or recreated.

    Reply
  2. vinod
     February 19, 2009 at 3:59 PM

    some one hacked my account

    Reply
  3. atul
     February 21, 2009 at 6:00 PM

    But i think encryption key can also be cracked by an expert hacker.
    but overall you are the best…..

    Reply
  4. Dan
     March 6, 2009 at 1:14 AM

    Excellent post

    Reply
  5. naveen
     May 8, 2009 at 1:26 AM

    Yah,,,, this is the very good explanetion…any one can understand & helpfull for knowledge. thanks for information.

    Reply
  6. ANKUR
     May 15, 2009 at 2:07 PM

    MY ACCOUNT IS HACKED BY SOMEONE..PLZZ TELL ME HOW CAN I SAVE MY ACCONT BY GETTING HACKED BY SOMEONE..

    Reply
  7. ANKUR
     May 15, 2009 at 2:08 PM

    DIS ID IS HACKED BY SOMEONE ..PLZZ TELL HOW TO HACKED PLZ

    Reply
  8. oogle-google
     June 26, 2009 at 12:06 AM

    You have simplified every concept of hacking in a great way. Further suggestions and queries(in near future) will be posted to u.

    Reply
  9. stefan
     June 30, 2009 at 2:58 PM

    master
    how should i hack the encryted passwords

    Reply
    • Srikanth
       July 1, 2009 at 5:46 AM

      @ stefan

      Practically it’s not possible to crack the encrypted passwords since it takes years to break the encryption.

      Reply
  10. sumit
     July 1, 2009 at 5:49 PM

    Hello shrikant… i m new on site but i got really valuable information from ur site… It is really quite good for bigginer level comp. users also… thankx buddy.. keep going.. i subscribe my id to ur site but i m not getting update … can u tell me the reason..plz reply..

    Reply
    • Srikanth
       July 5, 2009 at 11:51 AM

      @ sumit

      You need to confirm your subscription to get an update. Also we publish only 3-4 times a month and so you have to wait for the updates.

      Reply
  11. balu
     September 16, 2009 at 9:53 PM

    Nice post. Now i have really got cleared of what is SSL.

    Reply
  12. hacccccker
     October 2, 2009 at 4:53 PM

    hello i saw ur site and navigate it all . i found it awesome.
    i have more then two years experience on hacking but i still learnt some usesful infomation from your site.
    thanks

    Reply
  13. Nidhish jain
     October 3, 2009 at 8:24 PM

    at your place u’v provided the information in a very beautiful way……but just imagine it in a visual form ok…
    | |
    | |
    | |
    [ A ]-1-|———————|——————-|-2—> [ B ]
    | | |
    encryption | | |encryption
    | | |
    |
    |
    hacker

    let it be that a hacker already passes the encryption way and crreated it own postfile(postroom) over there which controls it all the data sending from a to b. Here no encription work for a hacker but for the information sending to the B by A will be encrypted……..
    ok for that type of coding for that you’ve to pay for me…..a big amount…..it just a basic outlook….

    Reply
  14. Nidhish jain
     October 3, 2009 at 8:26 PM

    in above comment i’v made the desing through the special chaqracters in a proper arrangement but after it gonna get post it just make it in comreted format……

    Reply
  15. Rohitash
     October 5, 2009 at 1:18 PM

    Thnak you this is a very useful information for me…Thanks

    Reply
  16. Srikanth G
     January 2, 2010 at 5:10 PM

    Very clear cut information…….
    Thank U…

    Reply
  17. santanu bhattacharya
     February 5, 2010 at 9:06 AM

    I LIKE IT….. CAN U SEND ME ANY LINK WHERE I CAN LEARN HACKING AS A BEGINNER.

    Reply
  18. venkatesh
     February 9, 2010 at 11:27 PM

    gud one but i need to learn more of it

    Reply
  19. kushagra singh
     February 15, 2010 at 7:09 PM

    sir,
    i read the above information.i just want to ask that if I get the encrypted password then can decrypt or solve it by a c++ program. I made a c++ program based on encryption and decryption. please reply me…..on my mail….it will be grt if u cud reply me….

    thank u…

    Reply
    • Srikanth
       February 16, 2010 at 10:29 PM

      @ kushagra singh

      No the encrypted password cannot be decrypted by a C++ program. Each encryption has it’s own secret key without which decryption is not possible.

      Reply
  20. Sairam
     March 31, 2010 at 7:41 PM

    Srikanth,

    We have hosted site with ssl. Problem is SSL is on the name of server. But site URL is different. when we browse the site it gives a warning.

    Q. Will the passwords or cardnumbers are still safe in HTTPS?

    thank you in advance.
    Regards,
    Sairam.

    Reply
    • Srikanth
       April 18, 2010 at 6:43 PM

      @ sairam

      Yes the passwords will still be safe, however since it generates a warning it creates a bad impression for your customers

      Reply
  21. mahes333
     March 31, 2010 at 8:41 PM

    i want more detalies about how many encrpted techincs algarithum r there can u tell me also wihch website is best for reading ssl information

    Reply
  22. nitheesh
     May 1, 2010 at 11:35 PM

    nice xplnatn…

    Reply
  23. tripti
     May 21, 2010 at 7:27 PM

    yaaaaa
    its help me

    Reply
  24. Ali
     May 22, 2010 at 9:47 PM

    Yeeees, I had a wide knowledge on the encryption, decryption, entruder etc but your explanation with SSL added more knowledge for me on the topic.
    Thks alot!

    Reply
  25. SNS
     June 4, 2010 at 11:13 AM

    I dont understand one thing….

    How encryption is done with one key and decryption with the other…..?
    winrar or other common encryption tools are wat my arguement is based on…

    Clear my doubt please…

    SNS

    Reply
    • Srikanth
       June 4, 2010 at 3:31 PM

      @ SNS

      You need to understand the concept of RSA algorithm in order to understand SSL. Please go through RSA algorithm for clear understanding of encryption and the decryption process.

      Reply
  26. Abhishek
     June 8, 2010 at 12:52 PM

    how to decode the encrypted passwords, we only get encrypted passwords and by this we can’t hack nay password

    Reply
  27. Sathiya
     June 8, 2010 at 5:18 PM

    Thanks..ur post is very simple and informative.

    Reply
  28. roshan
     June 13, 2010 at 9:58 PM

    hotmail has no ssl ?

    Reply
    • Srikanth
       June 16, 2010 at 12:17 PM

      @ roshan

      Hotmail has SSL but it is not enabled by default. To use SSL type https://login.live.com/ and then login.

      Reply
    • Srikanth
       July 7, 2010 at 5:26 PM

      @ roshan

      Hotmail has SSL but is not enabled by default. Just replace the http with https in your address bar and you should see the SSL in action.

      Reply
  29. sanjaya
     July 13, 2010 at 7:57 AM

    Hey srikanth, Thankx for this yar….and i want some help with rar files..do you know how to unlock an encrypted file in rar?

    Reply
  30. Sankalp
     July 19, 2010 at 1:25 AM

    Very helpful..

    Reply
  31. anil saini
     July 28, 2010 at 2:40 PM

    can we hack public key????

    Reply
  32. ajayraj
     August 13, 2010 at 8:53 AM

    hey! shirikant i like your articles the most i read your most of the article and i got a lot of knowledge from these articles
    i want to be a professional hacker
    can you help me plz
    i will be very thankful to you brother

    Reply
  33. Rohit Dev
     August 18, 2010 at 11:09 AM

    I wants to be hacker…
    i just understand about security…

    Pls, tell me how to hack…

    Reply
  34. pintu
     September 5, 2010 at 11:37 PM

    thanks a lot srikanth. can u teach me hacking process from beginning? i really want to learn it . i m 22222 crazy about hacking u can thinking about it . i saw a dream 2 become a hacker that why i decided take computer science but my parents not allow to take cs. but now i study with ME. u r a only one person who can teach me hacking……… please think about it and i also forget the password of gmail account [email protected] help yaaaaaaaaaaaar

    Reply
  35. akash
     October 22, 2010 at 4:40 PM

    your site is interesting……. i’ll like to go through the whole of it…. by the way what do you do?

    Reply
  36. hitlor
     November 12, 2010 at 7:12 PM

    Thanks man!!!

    I got a lot of knowledge | thanks…

    Reply
  37. Jithin George
     November 23, 2010 at 3:01 PM

    SUPERB POST……….!!!

    All usefull info, no bull shits….. I like it this way……!!!!

    Reply
  38. M.A.D
     April 5, 2011 at 1:08 PM

    very good post………….

    Reply
  39. Chan
     May 19, 2011 at 7:45 PM

    it iz nice……………
    but i’m not getting how 2 hack……..

    Reply
  40. Mahesh Kadam
     July 13, 2011 at 7:08 PM

    Please clear me that i get the encrypeted data and as they are giving me the public key i should be able to decrypt the data because as simple logic with a door u can enter as well as u can exit?

    Reply
    • Srikanth
       July 27, 2011 at 2:57 PM

      @ Mahesh Kadam

      No that’s not possible. Once encrypted, you need the private key to decrypt it. I will show this with an example in my upcoming post.

      Reply

Leave A Reply

WHO IS BEHIND GO HACKING

I am Srikanth Ramesh, a computer engineer from India.

Right from the day one I was introduced to computers, I had a passion for Hacking and Information security.

So, I started this blog in 2007 to share my views and ideas with the world. It all started as a blogspot blog and was later renamed as gohacking.com in August 2008.

You can read more or connect with me on Facebook, Twitter and Google+.

Copyright © 2008-2013 GoHacking.Com. This content is copyrighted to Srikanth and may not be reproduced on other websites.
↑ Scroll to Top