Hacking For Beginners – Manthan Desai
2010
How is HTTPS implemented?
HTTPS is implemented using Secure Sockets Layer (SSL). A website can implement HTTPS by purchasing SSL Certificate.Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the Web site visitors trust it. It has the
following uses
1.
2.
3.
An SSL Certificate enables encryption of sensitive information during online transactions.
Each SSL Certificate contains unique, authenticated information about the certificate owner.
A Certificate Authority verifies the identity of the certificate is issued.
How Encryption Works?
Each SSL Certificate consists of a Public key and a Private Key. used to encrypt the information and theprivate key is used to decrypt it. When your browser connects the server sends a Public key to thebrowser to perform the encryption. The public key is made available to every one but the private key (used fordecryption) is kept secret. So during a secure communication, the browser encrypts the message using the public key andsends it to the server. The message is decrypted on the server side using the Private Key (Secret key).
How to identify a Secure Connection?
In Internet Explorer, you will see a lock in the Security Status bar. The Security Status bar is located on the rightside of the Address bar. You can click the lock to view the identity of the website.
In high-security browsers, the authenticated organization name is prominently displayed and the address barturns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificatehas expired, the browser displays an error message or warning and the status bar may turn RED .
So the bottom line is, whenever you perform an on-line transaction such as Credit card payment, Bank login or Emaillogin always ensure that you have a secure communication. A secure communication is a must in these situations.Otherwise there are chances of Phishing using a Fake login Page .
How secure is the encryption used by SSL?
It would take significantly longer than the age of the universe to crack a 128-bit key.
SSL uses public-key encryption to exchange a session key between the client and server; this session key is used toencrypt the http transaction (both request and response). Each transaction uses a different session key so that even if
www.hackingtech.co.tv
Page 217