Comments
Read the article that everyone's commenting on.

September 9, 2005 1:05 PM
>Encryption is important because only you and the remote site can
>understand the data. Anyone in between ... say someone who's
>monitoring the information going to and from your computer ... sees only
>gibberish. It's an important way to keep your private data out of the
>hands of hackers and thieves.
If someone was monitoring my computer, how could https tell my computer what password to use to encrypt and decrypt the data without the person monitoring also getting the password?

Leo
September 9, 2005 1:34 PM
Because those passwords are never sent. Using something called public key cryptography, the sender can encrypt something with the public key that can only be decrypted by the private key. The private key is never shared, and is part of what the certification process validates. Obviously it's more complicated than that, but that's the basic idea.

December 8, 2005 1:33 AM
Hey Leo, good read - thanks for your time. One question though - is the URL for a https site passed in cleartext over the internet, for example would this be bad? http://www.somedomain.com/login.asp?username=bob&password=apples

June 21, 2006 11:57 AM
When a sniffer is active on the machine where the browser is launched (to visit a site, say a bank site), and if https is being used, the sniffer will not be able to catch the data supplied from the browser - correct?

Leo
June 21, 2006 9:05 PM
If the sniffer is actually running on the machine with the browser, then all bets are off. It's effectively spyware and can see everything.
However a "sniffer" is typically a different computer "sniffing" the network, and https is the way to be safe.

Daniel jenkins
September 12, 2007 7:53 AM
Thanks Leo, my life just got easier. Can you recommend a survey web site that pays? And when they say spam free, is it really spam free?

Roland Gonzales
April 26, 2008 11:07 AM
I have an additional question. I understand that SSL is used to encrypt data as it is sent on a wire. But if I'm using a non-encrypted wireless access point, am I vulnerable to having my data sniffed between my laptop and my WAP? I understand without wireless encryption the data is sent through the airwaves in plain text.

asdfasdfas
June 13, 2008 1:10 PM
Why don't you answer Bob's question?! I need to know! Are GET requests also encrypted?

Leo
June 15, 2008 9:56 AM
Bob's example goes to "http" so of course it would NOT be encrypted.
That same example, to a server that supports "https", would be encrypted.
What matters is that the URL of the page getting the parameters, be it via a POST or a GET, be an https URL.
Leo

November 2, 2009 6:36 PM
In the office, can your chat still be read by the network administrator even when using https? Thanks Leo!
To post a comment on "Is an https connection really all that safe?", please return to that article's main page.
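
As an added illustration of Leo's September 9, 2005 reply (this code is not from the article or from any commenter), the sketch below records everything a network monitor could capture during a simplified key setup and shows that the secret itself never crosses the wire in readable form. It assumes textbook RSA with two small, well-known primes and no padding, purely so the arithmetic is visible; the names `handshake`, `derive_key` and `wire` are hypothetical, and real HTTPS uses far larger keys and a more elaborate handshake.

```python
"""Toy RSA key transport: what a passive monitor sees vs. what it needs.

Textbook RSA without padding, using two small Mersenne primes so the
arithmetic is visible. Constructed for illustration; not secure.
"""
import hashlib
import secrets

# Server key pair. P, Q and D stay on the server; only (N, E) is published.
P, Q = 2**61 - 1, 2**89 - 1          # both prime (Mersenne primes M61, M89)
N, E = P * Q, 65537                  # public key, sent in the clear
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, never transmitted


def derive_key(secret: int) -> bytes:
    """Both ends turn the shared secret into a symmetric session key."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def handshake() -> dict:
    wire = []                        # everything a sniffer on the network records

    wire.append(("server->client", "public_key", (N, E)))

    # Client picks a fresh random secret and encrypts it to the public key.
    secret = secrets.randbits(128)
    ciphertext = pow(secret, E, N)
    wire.append(("client->server", "encrypted_secret", ciphertext))

    # Server recovers the secret with the private exponent it never shared.
    recovered = pow(ciphertext, D, N)

    return {
        "wire": wire,
        "secret": secret,
        "client_key": derive_key(secret),
        "server_key": derive_key(recovered),
    }


if __name__ == "__main__":
    result = handshake()
    for direction, label, value in result["wire"]:
        print(direction, label, value)
    print("keys match:", result["client_key"] == result["server_key"])
```

The monitor ends up holding the public key and one ciphertext; turning that ciphertext back into the secret requires `D`, which appears nowhere in the recorded traffic.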