Know More About Secure Sockets Layer (SSL)

Submitted by Srikanth on Monday, 26 January 200922 Comments

Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server. Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages. When we see this, we may wonder what’s the difference between http and https. In simple words HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a SECURE communication.

What exactly is Secure Communication ?

Suppose there exists two communication parties A (client) and B (server).

Working of HTTP

When A sends a message to B, the message is sent as a plain text in an unencrypted manner. This is acceptable in normal situations where the messages exchanged are not confidential. But imagine a situation where A sends a PASSWORD to B. In this case, the password is also sent as a plain text. This has a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between A and B , he can see the PASSWORDS since they remain unencrypted. This scenario is illustrated using the following figure

Now lets see the working of HTTPS

When A sends a PASSWORD (say “mypass“) to B, the message is sent in an encrypted format. The encrypted message is decrypted on B’s side. So even if the Hacker gains an unauthorised access to the ongoing communication between A and B he gets only the encrypted password (“xz54p6kd“) and not the original password. This is shown below

How is HTTPS implemented ?

HTTPS is implemented using Secure Sockets Layer (SSL).A website can implement HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the Web site visitors to trust it. It has the following uses

An SSL Certificate enables encryption of sensitive information during online transactions.
Each SSL Certificate contains unique, authenticated information about the certificate owner.
A Certificate Authority verifies the identity of the certificate owner when it is issued.

How Encryption Works ?

Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption. The public key is made available to every one but the private key(used for decryption) is kept secret. So during a secure communication, the browser encrypts the message using the public key and sends it to the server. The message is decrypted on the server side using the Private key(Secret key).

How to identify a Secure Connection ?

In Internet Explorer, you will see a lock icon Picture of the Lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar.You can click the lock to view the identity of the website.

In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.

So the bottom line is, whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you have a secure communication. A secure communication is a must in these situations.Otherwise there are chances of Phishing using a Fake login Page.

I Hope this helps.Please pass your comments.

Popularity: 7% [?]

Visitors who read this post, also read:

10 Tips for a Total Online Security

By using/following this site you agree to our Legal Disclaimer

Enjoyed this article?
Subscribe to GoHacking.Com and get daily updates in your email for free

22 Comments »

Slim0123 said:

Have a look at this:
How Secure Is Encryption?
So according to Murphy’s Law, with each moment that passes, the decrease in time to crack the encryption keys, goes up exponentially.
So sooner or later we feel the need of new security measures that don’t just rely on keys but can give a perfect identity to each person which cannot be faked or recreated.

- 27 January 2009 at 5:22 pm

vinod said:

some one hacked my account

- 19 February 2009 at 3:59 pm

atul said:

But i think encryption key can also be cracked by an expert hacker.
but overall you are the best…..

- 21 February 2009 at 6:00 pm

Dan said:

Excellent post

- 6 March 2009 at 1:14 am

naveen said:

Yah,,,, this is the very good explanetion…any one can understand & helpfull for knowledge. thanks for information.

- 8 May 2009 at 1:26 am

ANKUR said:

MY ACCOUNT IS HACKED BY SOMEONE..PLZZ TELL ME HOW CAN I SAVE MY ACCONT BY GETTING HACKED BY SOMEONE..

- 15 May 2009 at 2:07 pm

ANKUR said:

DIS ID IS HACKED BY SOMEONE ..PLZZ TELL HOW TO HACKED PLZ

- 15 May 2009 at 2:08 pm

oogle-google said:

You have simplified every concept of hacking in a great way. Further suggestions and queries(in near future) will be posted to u.

- 26 June 2009 at 12:06 am

stefan said:

master
how should i hack the encryted passwords

- 30 June 2009 at 2:58 pm

Srikanth (author) said:

@ stefan

Practically it’s not possible to crack the encrypted passwords since it takes years to break the encryption.

- 1 July 2009 at 5:46 am

sumit said:

Hello shrikant… i m new on site but i got really valuable information from ur site… It is really quite good for bigginer level comp. users also… thankx buddy.. keep going.. i subscribe my id to ur site but i m not getting update … can u tell me the reason..plz reply..

- 1 July 2009 at 5:49 pm

Srikanth (author) said:

@ sumit

You need to confirm your subscription to get an update. Also we publish only 3-4 times a month and so you have to wait for the updates.

- 5 July 2009 at 11:51 am

balu said:

Nice post. Now i have really got cleared of what is SSL.

- 16 September 2009 at 9:53 pm

hacccccker said:

hello i saw ur site and navigate it all . i found it awesome.
i have more then two years experience on hacking but i still learnt some usesful infomation from your site.
thanks

- 2 October 2009 at 4:53 pm

Nidhish jain said:

at your place u’v provided the information in a very beautiful way……but just imagine it in a visual form ok…
| |
| |
| |
[ A ]–1–|———————|——————–|–2—> [ B ]
| | |
encryption | | |encryption
| | |
|
|
hacker

let it be that a hacker already passes the encryption way and crreated it own postfile(postroom) over there which controls it all the data sending from a to b. Here no encription work for a hacker but for the information sending to the B by A will be encrypted……..
ok for that type of coding for that you’ve to pay for me…..a big amount…..it just a basic outlook….

- 3 October 2009 at 8:24 pm

Nidhish jain said:

in above comment i’v made the desing through the special chaqracters in a proper arrangement but after it gonna get post it just make it in comreted format……

- 3 October 2009 at 8:26 pm

Rohitash said:

Thnak you this is a very useful information for me…Thanks

- 5 October 2009 at 1:18 pm

Srikanth G said:

Very clear cut information…….
Thank U…

- 2 January 2010 at 5:10 pm

santanu bhattacharya said:

I LIKE IT….. CAN U SEND ME ANY LINK WHERE I CAN LEARN HACKING AS A BEGINNER.

- 5 February 2010 at 9:06 am

venkatesh said:

gud one but i need to learn more of it

- 9 February 2010 at 11:27 pm

kushagra singh said:

sir,
i read the above information.i just want to ask that if I get the encrypted password then can decrypt or solve it by a c++ program. I made a c++ program based on encryption and decryption. please reply me…..on my mail….it will be grt if u cud reply me….

thank u…

- 15 February 2010 at 7:09 pm

Srikanth (author) said:

@ kushagra singh

No the encrypted password cannot be decrypted by a C++ program. Each encryption has it’s own secret key without which decryption is not possible.

- 16 February 2010 at 10:29 pm