Skip to content

Explaining the HTTPS protocol

26 mayo, 2021

If you attend a talk about internet safety, surely, sooner rather than later, a phrase similar to: make sure that, when you enter your bank, at the beginning of the address bar you can see the acronym https. And it’s true, we have to take a look, but why?

Many times the explanation is reduced to saying that a secure connection is established, and it is not false, but the truth is that we will be able to understand with a little more depth what it consists of. HTTPS, Y no need to do it with complicated words, or roll up for half an hour.

What problems does HTTPS solve?

HTTP is not a secure protocol.  There are peepers lurking

Many times, to understand why the hell someone has bothered to invent something complicated, it is better to think what for has devised it. Which are the problems that have led to the appearance of this HTTPS? The main problem is a lack of privacy in our browsing normal.

Normally, when we surf the internet we do it using the HTTP protocol, which simply establishes guidelines about how our computer (client) is going to communicate with a server (for example, the computer where the Genbeta page is hosted). It establishes how the data is transferred, and in this case, the data is transferred without any modification, as you are seeing them right now.

We can imagine that there is a pipe between our computer and the server through which the data passes. But in that pipe, someone could do a small hole through which you can see the information that travels from one side to the other, or even worse, modify the information that you send. In security settings this is referred to as a man-in-the-middle attack.

This is not a problem if someone gossip while visiting Genbeta, but it may be a problem while you are checking your credit card movements. Furthermore, if our man-in-the-middle pretends to be your bank … How can you be sure that your bank responds to you? Don’t you want to avoid these intrusions? Here it appears HTTPS.

How HTTPS works

HTTPS is a more secure protocol than HTTP

Since avoiding gossip in communication is something that can be classified as very difficult or impossible, the solution has been to make our peeping friend can’t understand what he’s looking through that little hole that it has done in the pipeline, and that it cannot put messages in the pipeline impersonating our bank (server) or ourselves (client).

At least in this matter of secure connections, magic does not exist. Before starting that secure connection, a communication is established between the client and the server in which the necessary details are agreed. This phase is called agreement, or in English handshake (handshake), and that’s where everything gets a bit complicated.

The handshake between client and server may vary depending on the authentication modes (verification of the identity of the sender of a message) and encryption to be used during the secure connection. It sounds difficult, but the systems used do not differ much from those used during World War II such as the famous Enigma code.

We imagine that we are capable of creating two special codes (or keys). So that a message can be encrypted with the first and decrypted with the second, and vice versa. Thus, an encrypted message with the first, ÚONLY it can be decrypted with the second, and a message encrypted with the second can only be decrypted with the first.

Now comes the trick. The first of them you make it public, you give it to all your friends, no problem. But the second is secret, you keep it as your greatest treasure. With this little trick we can do two essential things within the HTTPS protocol:

  • Verify our identity: If we encrypt a message (or part) with our secret code, anyone will be able to read it, but no one else will have been able to create it (they would need our top secret key). This is how you sign when you can’t use a pen.
  • Avoid peepers: If you want to send me a message, you use my public code to encrypt it and, for example, post it on a notice board (or in a comment). In this way, only whoever has my secret code will be able to read it, that is, only I will be able to know what it means. In fact, even you wouldn’t be able to read it once you encrypt it.

Inspiration | Digital Inspiration
In Genbeta | Twitter now allows you to use HTTPS throughout the session | Facebook adds safe browsing through HTTPS and a new CAPTCHA system