Symmetric vs Asymmetric Encryption: A Guide for Non-Techies - hackernoon.com
Symmetric vs Asymmetric Encryption: A Guide for Non-Techies - hackernoon.com |
- Symmetric vs Asymmetric Encryption: A Guide for Non-Techies - hackernoon.com
- Asymmetric vs Symmetric Encryption: Definitions & Differences - Hashed Out by The SSL Store™ - Hashed Out by The SSL Store™
- Chrome browser has a New Year’s resolution: HTTPS by default - Naked Security
Symmetric vs Asymmetric Encryption: A Guide for Non-Techies - hackernoon.com Posted: 05 Jan 2021 03:18 AM PST @casey-craneCasey CraneCasey Crane is a tech lover and cybersecurity journalist for Hashed Out and Infosec Insights. If you find understanding or explaining the differences between asymmetric and symmetric encryption daunting, then take a relaxing breath — we'll break it all down into layman's terms. Symmetric and asymmetric encryption — what are they and what do they mean in terms of data security? To put it simply, both are ways that individuals, businesses, and other organizations can protect their data. Asymmetric and symmetric encryption involve cryptographic techniques and tools, and both are useful in different types of digital environments. But these processes aren't all that easy to explain to others. This is why we've put together a non-techies guide. No matter whether you're new or advanced, this article can help you break down symmetric and asymmetric encryption. This way, you can easily explain it to others who may not be as tech-savvy as you. This will definitely come in handy for your upcoming holiday dinner conversations with family and friends. So, what is symmetric encryption and how does it differ from asymmetric encryption? Let's break each type of encryption down and compare them to see what is best in which applications. What Is Symmetric Encryption?Symmetric encryption means that your information is encrypted and decrypted using a single key. The data sender (or originator of the data) has one copy of the key, which they use to encrypt the data. (By "encrypt," I mean convert it from plaintext, readable data into unreadable gibberish known as ciphertext.) The data recipient, who has another copy of the same key, can use it to decrypt the data — meaning that they can revert it from ciphertext to plaintext.
The key itself is a string of randomly generated bits. When generated well and with enough entropy (randomness), the strings of bits should be completely unpredictable and, therefore, impractical to guess using modern computers. Symmetric encryption is what large businesses typically use in internal environments to encrypt their at-rest data. Why? Because symmetric encryption is fast, convenient, and isn't super resource-intensive in terms of bandwidth and processing power.
But symmetric encryption isn't perfect. In fact, it has a couple of important shortcomings that we have to talk about that mean that it can't stand on its own in public channels. But before we do that, let's first go over what asymmetric encryption is and why it's essential to the security of your data in public online environments. What Is Asymmetric Encryption?Now, let's take the concept of symmetric encryption and kick it up a level and you get asymmetric encryption. You see, asymmetric encryption is a cryptographic process that uses two separate keys — a public key and a private key — to encrypt and decrypt data. The keys are related but mathematically unique, unlike symmetric keys.
Now, while this may sound perfect, asymmetric encryption isn't a one-size-fits-all tool for security. Because it uses two separate and larger keys, it makes it too unwieldly and impractical for large-scale business encryption applications. As such, it's better suited as an authentication mechanism in many cases. This is why many businesses defer to using asymmetric key exchanges for authentication purposes and symmetric encryption to actually secure the data itself during the session. Don't worry — I'll also help you break down asymmetric key exchanges into layman's terms as well. The Role of a Public Key Exchange in Website SecurityThere's a related aspect of asymmetric encryption that comes Similarly, the key exchange process isn't truly a "key exchange," either. It's a bit of a misnomer. Rather, what it is, is a process that involves exchanging certain public variables and incorporating private variables to generate a shared key (i.e., a symmetric key) that only you and your intended recipient can create together. No, don't worry, I'm not going to get into all of the mathematical specifics of how that process works here. And your friends or family certainly won't need you to dive into all of that business, either. But you can check out this great video to get into more of the specifics on how that all works: Secret Key Exchange (Diffie-Hellman) - Computerphile
It's also important to note that this process is integral to the SSL/TLS
But asymmetric cryptographic process aren't the sole mechanisms used in website security. Symmetric encryption also plays a star role in website data encryption. Asymmetric and Symmetric Encryption Are Complementary in Website SecurityWhen it comes to website security, symmetric encryption and asymmetric cryptographic techniques go together like rock stars and bad life choices. You use techniques from one (asymmetric key exchange) to help make the other (symmetric encryption) more secure in public channels. In fact, you're actually using both of them right now to read this article. You see, when you connect to a website, any data that you send to that site is sent via an insecure protocol by default. This insecure connection is known as the hypertext transport protocol, or HTTP. This is the same insecure "http" that you'll sometimes see when you click on website URLs that display this type of warning message: Tisk, tisk, Apache.org. You know better than to leave your site insecure like this! When you transmit data using HTTP, it means that it's sent via plaintext. And considering that when you connect to a website, because of how HTTPS works, you're actually punted between multiple touchpoints along the way. And this means that your data also passes through all of those touchpoints as well. So, all of the types of data that you don't want falling into cybercriminals' hands — such as your name, address, credit card information, or other sensitive details — are vulnerable to being intercepted by bad guys. When bad guys intercept your data in this way, it's known as a man-in-the-middle attack (MitM attack) because they're essentially inserting themselves into the middle of your communication. As a result, messages from you to another party will pass through them first, which gives them an opportunity to read or even modify your message before passing it along. Needless to say, it's not only insecure, but it's also bad news for you and the person (or website) you're communicating with. So, to make this process more secure, website admins will instead opt to use the secure HTTPS protocol (which stands for "hypertext transport protocol secure") to transmit data between users and their web servers. They do this by installing an SSL/TLS (secure sockets layer/transport layer security) certificate — or what's otherwise known as a website security certificate. This type of digital certificate ensures that you connect via HTTPS instead of the insecure HTTP protocol. It makes your web address bar in Google Chrome display a friendly secure padlock icon like this (instead of the "not secure" warning like earlier): Image caption: As my grandfather loved to say, "this is more better." Every website should be using an SSL/TLS certificate to allow its users to securely As a result, instead of sending plaintext data across the internet, you're sending gibberish ciphertext that no one can decipher without the requisite private key. That's a win for you and a loss for the cybercriminals who want to mess you over. Asymmetric Key Exchange + Symmetric Encryption = Secure ConnectionsRemember how earlier I said that symmetric encryption had a few shortcomings? Well, the biggest one relates to key distribution. That's because there's only one key that could be known by a bunch of individuals. So, if you keep handing out that key to a bunch of different people, it gets harder to keep track of and can result in the key becoming compromised. You see, with symmetric encryption, you have to distribute the key in a secure way and make sure that only those authorized have a copy. Otherwise, if some authorized individual intercepts it, then they can simply decrypt your messages all they want. This means that either the keys must be exchanged in person or via a secure key exchange method. But if you're communicating with someone over the internet who's located across the world, that isn't really possible. This is where symmetric encryption comes into play. According to the National Institute of Standards and Technology (NIST), one of the leading authorities for cybersecurity standards, both types of encryption have their uses and work well together:
Basically, this massive run-on statement is a fancy way of saying that you should use both asymmetric key exchange/agreement and symmetric encryption processes together to securely distribute the shared key and create an encrypted connection. This is perfect for those otherwise open (and insecure) public, multi-user environments. Symmetric vs Asymmetric Encryption: Breaking Down the DifferencesAs you likely know, there are many ways that symmetric and asymmetric encryption differ in terms of how they work, the algorithms and keys they use, as well as when and where you should implement them. Let's go over a few of them. Symmetric vs Asymmetric Encryption Use Different Algorithms and Key Sizes Two of the biggest differences between symmetric and asymmetric encryption are:
Symmetric encryption algorithms are significantly faster and use smaller keys than their asymmetric counterparts. They can be used to encrypt and decrypt either blocks or streams of data. The keys tend to be smaller in terms of the number of random bits that they contain. Asymmetric encryption algorithms, on the other hand, use more complex encryption algorithms and significantly larger keys. This makes them great for encrypting and decrypting data in public channels in small batches, but not so great for use at scale. Okay, let's take a moment to compare their key lengths. I'll also break down some of the different encryption algorithms and key exchange agreements that fall under the umbrellas of symmetric and asymmetric encryption. Asymmetric Vs. Symmetric Key Lengths:If this is as clear as mud to you, let's have a quick comparison of what the difference looks like in terms of key lengths (using the random key generator at cryptotools.net): Yeah, just a wee bit of a difference in terms of key lengths, am I right? Now you can see why we say that using symmetric encryption is significantly faster than asymmetric encryption when you're encrypting and decrypting data at scale. So, what types of encryption algorithms are considered symmetric and which ones are asymmetric? Asymmetric Vs. Symmetric Encryption (and Key Exchange) Algorithms:The go-to standard for symmetric encryption is AES, or what stands for the advanced encryption standard. AES was announced as the replacement for the data encryption standard (DES) in October 2000. For asymmetric encryption, RSA (which stands for its creators' surnames — Rivest, Shamir, and Adleman — is the encryption algorithm that's most commonly used. As far as key exchanges go, though, RSA is still in use in TLS version 1.2 but is being deprecated in lieu of Diffie-Hellman in TLS 1.3. Each Type of Encryption Has Different UsesOkay, let's quickly go over some of the different uses for both types of encryption. For example, symmetric encryption is best used for:
Asymmetric encryption processes, on the other hand, are best
Final Thoughts on Symmetric and Asymmetric EncryptionWhen it comes to website and general internet security, it's easy to see how both of these types of encryption have important roles that help make it possible.
I hope this article has provided you with a little clarity about the differences between symmetric and asymmetric encryption, what each process is on its own, and how each applies to different situations and use cases. TagsJoin Hacker Noon Create your free account to unlock your custom reading experience. |
Posted: 07 Dec 2020 12:00 AM PST Encryption is what makes secure data exchanges possible on the internet — let's explore the differences between symmetric vs asymmetric encryptionAsymmetric vs symmetric encryption. Not sure what these terms are or what they mean in relation to your life? Let's put this into terms that'll help you understand their importance immediately. Encryption is everywhere. From sending emails and making online purchases to securing sensitive government or healthcare-related information, symmetric and asymmetric encryption play critical roles in making secure data possible in our digital world. They're what keep your communications secure and your sensitive data out of the hands of criminals (and the hands of anyone else who shouldn't have it). But what are symmetric and asymmetric encryption? When comparing asymmetric vs symmetric encryption, in what ways are they alike, and how are they different? Lastly, which is more secure in different applications? Let's hash it out. What Is Encryption and How Does It Work? A Quick RefresherOkay, this is going to be a bit of a heavy topic, but we're going to simplify this as much as possible to appeal to all of our readers, regardless of your level of tech-savviness. So, before we can jump right into talking about asymmetric vs symmetric encryption, I think it would be important to quickly review what encryption is in general and how encryption works in general. You can define encryption as a means by which to convert readable content (plaintext) into unreadable gibberish (ciphertext). Encryption is a mathematical operation that exists within the realm of cryptography. This is why you'll often hear people talking about encryption and cryptography within the same discussion or sometimes use the terms interchangeably. However, there's an important difference:
Basically, encryption is the process of transforming plaintext into ciphertext through the use of two important elements:
Let's take a look at a simplified illustration of the process to better understand how encryption works in general:
That's encryption in a nutshell. In the example graphic above, you may have noticed that the encryption and decryption keys are the same. No, this isn't a mistake — it's an example of symmetric encryption (which we'll talk more about shortly). That's because in symmetric encryption, one key encrypts and decrypts data. Asymmetric encryption looks similar, but it will involve using two separate keys that are related yet still unique. We've talked about different types of encryption before in some of our blog posts. But when it comes to a topic like asymmetric encryption vs symmetric encryption, there's a lot to unpack. So, let's explore each of these types of encryption individually to ensure a full understanding. Asymmetric vs Symmetric Encryption: What They Are & How They WorkWhat Is Asymmetric Encryption? Public Key Encryption Defined & ExplainedAsymmetric encryption is also a process of encrypting data between two parties — but instead of using a single key (as with conventional cryptographic systems), it uses two unique yet mathematically related keys to do so. The first key, known as the public key, encrypts your data before sending it over the internet; the other (aka the private key) decrypts the data on the recipient's end of the exchange. This is why asymmetric encryption is also known as public key encryption and public encryption. The public and private keys are mathematically related yet uniquely paired so that they match only one another. However, one key is publicly available while the other remains hidden and is never shared. However, encrypting data isn't all that asymmetric encryption does. As TV infomercials love to say — but, wait, there's more! Asymmetric encryption also offers:
Asymmetric encryption plays a crucial role in public key infrastructure (PKI), which we'll talk more about shortly. But first, let's hash out what symmetric encryption is and why it's also so important. What Is Symmetric Encryption? Secret Key Encryption Defined & ExplainedSymmetric encryption is another way to encrypt and decrypt data, but it uses one secret key instead of two to do so. Basically, the sender and the recipient have identical copies of the key, which they keep to themselves. This is why symmetric encryption is also known as private key encryption, private key cryptography, secret key encryption, secret key encryption, secret key cryptography, and symmetric cryptography. Symmetric encryption is the workhorse of cryptography. It's what enables you to encrypt massive quantities of data without bogging down processors, internet speed, and other IT resources. It's significantly more efficient than asymmetric encryption at scale and is an invaluable tool for large organizations and businesses in particular that value data security, privacy, and confidentiality. You'll find symmetric encryption in use for everything from banking and financial transactions to protecting data at rest. We recently wrote an article that offers a deep dive into the topic of symmetric encryption. Be sure to check that out for a more in-depth look at what symmetric encryption is and how it works. What Is the Difference? Symmetric vs Asymmetric EncryptionOkay, so now that we know what asymmetric and symmetric encryption are overall, let's compare and contrast them. There are several key traits that make symmetric and asymmetric encryption different in terms of how they work and where they're most valuable: 1. The Number, Nature, and Size of the Cryptographic KeysSymmetric keys are identical, whereas asymmetric public and private keys are mathematically related yet still unique. Symmetric keys are also typically shorter in length than their asymmetric counterparts. Symmetric keys are frequently 128 bits, 192 bits, and 256 bits, whereas asymmetric keys are recommended to be 2048 bits or greater. For example, here's an example of what a base64-encoded AES-256 symmetric encryption key looks like: Now, let's take a quick peek at what RSA 2048-bit asymmetric encryption keys look like. Public key: Private key: See the difference? But that's not the only thing that differs when comparing asymmetric vs symmetric encryption. 2. How the Keys Are DistributedWith asymmetric encryption, exchanging keys via digital public channels isn't an issue. That's because asymmetric key exchange protocols were literally designed with that very purpose in mind. To securely exchange symmetric keys, on the other hand, you'd need to meet up in person (offline). Not only is this inconvenient, but it also defeats the purpose of communicating digitally in the first place! Exchanging symmetric keys in public channels (like on the internet) otherwise is an issue because the key is vulnerable. Using asymmetric techniques in the key exchange process is more secure. This is why PKI incorporates the use of asymmetric key exchange protocols for the symmetric key exchange process as part of the TLS handshake. According to the original X.509 standards that were published by the CCIT (now ITU-T) and ISO in 1988:
Manage Digital Certificates like a Boss 14 Certificate Management Best Practices to keep your organization running, secure and fully-compliant. 3. The Types and Complexities of the Encryption AlgorithmsOne of the big differences between symmetric vs asymmetric encryption is the types of encryption algorithms used in each process. Symmetric encryption algorithms are either block ciphers or stream ciphers, and include algorithms like DES, TDEA/3DES, AES, etc. Asymmetric encryption algorithms, on the other hand, include algorithms like RSA, DSA, ECC, etc. 4. How Time-Consuming and Resource-Intensive Each Process Is at ScaleSymmetric encryption, because it's faster and only uses one key, is great for large organizations and businesses that need to encrypt vast quantities of data. Asymmetric encryption uses two separate keys and more complex algorithms in the encryption and decryption process, which makes it slower for encrypting and decrypting large amounts of data. However, when comparing asymmetric vs symmetric encryption, you also must keep in mind the channels that you're using it in. Is it a public-facing channel or something private? 5. One's Better Suited Than the Other For Use in Public/Private ChannelsWe've already talked about this, but to quickly summarize — symmetric encryption on its own is best suited for non-public channels and asymmetric encryption is best for public channels. That's a quick way to think of the differences with asymmetric vs symmetric encryption. But why does it have to be either/or? Why can't we use both together in a way that's complementary? Well, we do — and this concept is at the very heart of public key infrastructure. The Roles of Asymmetric and Symmetric Encryption in Public Key InfrastructureAsymmetric encryption and symmetric encryption both play crucial roles in public key infrastructure, or PKI for short. PKI is a framework of technologies, processes, and policies that serves as the foundation of internet security. Basically, it's what makes secure data exchanges possible over the internet. You see, the internet itself is insecure. So, PKI outlines everything that makes it possible to:
Public key encryption, key exchanges, and digital signatures all play pivotal roles in securing digital communications. Once parties are authenticated and keys are securely exchanged to create a secure connection, then symmetric encryption can often take over to speed up the data encryption process. Encryption Is What Makes Your Online Shopping, Banking & Other Data Exchanges SecureWithout encryption, the data you transmit across the internet travels in plaintext format. This means that anyone who can intercept it can read it. So, whenever you buy something from amazon.com, for example, your credit card and other personal information travel through multiple touchpoints — networks, routers, servers, etc. — located throughout the world. This means that when you transmit data through those channels, someone could intercept that data and read it. Of course, this is why we constantly preach about using websites that are secured by SSL/TLS certificates here at Hashed Out. Why? Because it means that your data is secure while traveling through all of those different channels to get from point A to point B. So, if you like being able to buy 'snazzy' custom socks that have your dog's face printed on them in private, without someone intercepting your order and stealing your credit card information, then you're a fan of PKI. Symmetric vs Asymmetric Encryption: Which Is Better?Forgive me for a moment as I channel my inner Peter Griffin, but "you know what really grinds my gears?" When I ask a question and I get the wishy-washy answer "it depends." But, in the case of determining which is "better" — asymmetric or symmetric encryption — that same loathed answer really rings true. That's because "better" can be defined in different ways depending on the specific circumstances at hand. For example, in non-public facing environments, symmetric encryption is great because it's a less complex process that allows for faster, more efficient data encryption. This means that you can encrypt large quantities of data without bogging down your IT resources. But when you use that same speedy encryption process in public channels on its own, without an asymmetric key exchange first, then it's not so great. In fact, it can be downright dangerous. This is why asymmetric encryption is so important in public channels (such as on the internet). Asymmetric encryption, although slower, is better for those circumstances where your data is at risk of being intercepted by unintended third parties. It offers you greater security in terms of authentication and non-repudiation — so you know you're talking to the right person — as well as data integrity. Symmetric vs Asymmetric Encryption: Which Is More Secure?So, to answer the question about whether symmetric or asymmetric encryption is more secure, I'd again have to give the dreaded answer, "it depends." And it really does — the answer depends on how you define "more secure" and in what context the encryption takes place. For example:
So, if you're comparing an asymmetric key pair and a symmetric key of equal size (in terms of bits) side by side, you'd be able to calculate the asymmetric pair's private key more easily. This explains why we use asymmetric key sizes (2048 bits or higher) that are significantly larger than symmetric key sizes (typically just 256 bits) in asymmetric encryption. However, the larger the asymmetric keys are, the more processing power they require. This is why, when establishing an encrypted website connection, we start out using an asymmetric key exchange before switching to symmetric encryption to secure the session. So, in that way, asymmetric encryption helps to make symmetric encryption more secure. Of course, this answer is also dependent on the technologies that are in use at the time. For example, asymmetric encryption methods like RSA are incredibly secure (but are also resource draining). It would take thousands of lifetimes to break this algorithm using modern computers. But what happens when computers get smarter, faster, and more capable? The Rise of Quantum Computing and Its Future Impact on EncryptionOf course, when it comes to encryption, concerns relating to quantum computing are always lurking. Quantum computers, unlike classical computers, operate using different directions that's based on quantum physics. As such, they can run advanced algorithms (quantum algorithms) and achieve things that traditional computers simply can't. As such, the overarching concern is that these computers, which are capable of completing steps and processing calculations at exponentially faster rates than our modern supercomputers, will break modern asymmetric cryptography as we know it. So, you'll often hear people calling out warnings about the dangers of quantum computing with regard to quantum cryptography. Shor's AlgorithmThis is what people are typically referring to when they talk about the threat of quantum computing to encryption. Mathematician Peter Shor came up with this algorithm, which provides exponential speedup, in 1994. (He later revised and expanded upon the paper a couple of years later.) The concern surrounding his algorithm is that it would make the factoring of larger numbers and calculation of discrete logarithms that asymmetric cryptography is based on vulnerable. Here's a quick video from Shor himself on the factoring algorithm: If that explanation was clear as mud, let's try a different approach. Essentially, it nullifies modern public key encryption schemes (like RSA). So, what this means is that quantum computers will break our modern asymmetric cryptosystems — leaving them useless against cybercriminals and other schmucks who wish to do bad things. However, Shor's algorithm applies to asymmetric cryptographic systems, not symmetric ones. You need the public key to be able to calculate the private key using Shor's Algorithm — and remember, symmetric encryption doesn't use public keys. But is there a type of algorithm that poses a threat to symmetric encryption? Yes and no. Grover's AlgorithmIf your first thought is of a blue Muppet when you read that header, then I'd suggest you grab another cup of coffee before reading this part. This algorithm, which was developed by Lov Grover in 1996, is one that applies to symmetric cryptographic systems. It's an algorithm that provides a quadratic speedup to address unordered search (whereas Shor's offers exponential speedup), which means that it can make brute-force searches substantially faster for encryption schemes that use smaller key sizes. The idea behind Grover's algorithm is that it essentially cuts symmetric key lengths in half, making them faster to compute. However, it's a concern is something that many experts believe can be addressed by increasing key spaces to double key lengths. Researchers in the Department of Informatics at the University of Oslo in Norway shared the following in an article in the International Journal of Advanced Computer Science and Applications (IJACSA):
The researchers go on to state some good news as far as symmetric encryption is concerned:
Researchers at Princeton University's Center for Information Technology Policy created a paper for Carnegie's Encryption Working Group that shares the following about the implications of quantum computing on encryption:
Preparing for the Future With Post-Quantum CryptographyLet me start off by saying that the situation isn't as bleak as some would make it out to be. Yes, absolutely, quantum computing poses a future threat to modern asymmetric cryptography. But the sky isn't falling — yet. There are some bits of good news to consider. For one, quantum computing is a concern we've known about for decades. Quantum cryptography was proposed back in the 1980s, and both Shor's and Grover's algorithms were developed in the mid-1990s. So, it isn't something new. Experts are working to come up with solutions and standards that will prepare us to deal with these issues once quantum cryptography officially arrives. For example, the National Institute of Standards and Technology (NIST) has been working on narrowing down the list to several post-quantum cryptography (PQC) algorithms as part of its standardization plan. For example, as of July 2020, they've managed to narrow the list down to just 15 algorithms for:
Why so many algorithms and why worry about it now? According to NIST's Post-Quantum Cryptography Call for Proposals page:
But there is good news here. Certificate authorities like Sectigo and DigiCert are trying to head such problems off at the pass. They're preparing for the inevitable by creating what they're calling "hybrid" certificates. The thought here is that these certificates will help prepare organizations for the impending PQC world while also still making it so that their systems and infrastructure are still compatible with non-PQC setups. So, instead of using certificates that support only current asymmetric encryption algorithms or PQC encryption algorithms, they'll enable your systems to still be interoperable with systems that support either or both types of algorithms. The truth is that we're still years away from having quantum computers commercially available. It's on the horizon, but we're just not there yet. So, all of this is to say that while quantum computers are a concern that the industry as a whole is preparing for, it's just a waiting game at this point. Final Thoughts on Asymmetric vs Symmetric EncryptionThere are so many benefits and applications for symmetric and asymmetric encryption. The more that you learn about these two methods of encryption and how they work to secure our data in digital spaces, the more fascinating it becomes. Hopefully, this article has helped you better understand the strengths and weaknesses of each process, as well as how they complement each other. Asymmetric and symmetric encryption alike both hold important places within the realm of public key infrastructure and digital communications. One without the other would be either incredibly insecure or so bulky and unmanageable that it wouldn't be practical. This is why both types of encryption are crucial to internet security as we know it. Have thoughts about symmetric and asymmetric encryption that haven't been covered here? Be sure to share them in the comments section below! |
Chrome browser has a New Year’s resolution: HTTPS by default - Naked Security Posted: 05 Jan 2021 06:56 AM PST HTTPS, as you probably know, stands for secure HTTP, and it's a cryptographic process – a cybersecurity dance, if you like – that your browser performs with a web server when it connects, improving privacy and security by agreeing to encrypt the data that goes back and forth. Encrypting HTTP traffic end-to-end between your browser and the server means that:
Without HTTPS, there are many places along the way between your browser and the other end where not-so-innocent third parties could easily eavesdrop on (and falsify) your web browsing. Those eavesdroppers could be nosy neighbours who have figured out your Wi-Fi password, other users in the coffee shop you're visiting, curious colleagues on your work LAN, your ISP, cybercriminals, or even your government. This raises the question: if snooping and falsifying web traffic is so easy when plain old HTTP is used, why do we still have HTTP at all? LISTEN NOW: UNDERSTANDING HTTPS/SSL/TLS |
You are subscribed to email updates from "what happens if i encrypt my phone,what does encryption do,the meaning of encrypted" - Google News. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |
Comments
Post a Comment