In the address bar of the browser, the URL of each website you visit always begins with HTTP or HTTPS, the latter considered more secure. For example, Facebook, with more than two billion active users a day, flaunts its status as an HTTPS website, and you confidently post your personal information there without thinking twice. But what happens if the information you share, often private, falls into the wrong hands? Well, this does not happen on the largest social network (at least it has not happened yet that someone has ‘hacked’ its technological infrastructure, and when we speak of the wrong hands we mean cybercriminals and not the NSA, hee hee).
Returning to the topic, whether it is Facebook or an online financial transaction where you use your credit card, what we all must check is that the website URL uses HTTPS. Why shouldn’t a simple HTTP website be used to transact online or store personal data? There is an obvious difference between the two, and today we are going to learn what it is.
What is HTTP?
It’s the Hypertext Transfer Protocol that our computer science teachers once taught us. It is a request/response protocol based on the client/server communication model. The client, or agent, is your web browser or any other device that can access, receive and view web content.
The client sends a request message to a server that hosts the HTML content, and the server replies with a response message that may contain the HTML content requested by the client. The response message is a confirmation that the server has successfully received the request message.
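The request and response messages described above, shown as an added example (not code from the original article): a loopback client and server exchange one HTTP/1.1 POST over a raw TCP socket, and the server keeps the exact bytes it received. The OS-assigned port (instead of 80), the `/profile` path and the `name` form field are assumptions made for the demonstration; the submitted value is readable in the raw request because plain HTTP applies no encryption.

```python
import socket
import threading

def serve_once(listener, captured):
    """Accept one connection, record the raw request bytes, send a response."""
    conn, _ = listener.accept()
    with conn:
        data = b""
        # Read until the blank line that ends the header block.
        while b"\r\n\r\n" not in data and (chunk := conn.recv(4096)):
            data += chunk
        head, _, body = data.partition(b"\r\n\r\n")
        length = 0
        for line in head.split(b"\r\n")[1:]:  # header lines after the request line
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        # Read whatever part of the body has not arrived yet.
        while len(body) < length and (chunk := conn.recv(4096)):
            body += chunk
        captured.append(head + b"\r\n\r\n" + body)
        page = b"<html><body>saved</body></html>"
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                     b"Content-Length: %d\r\nConnection: close\r\n\r\n" % len(page) + page)

def http_exchange(form_body):
    """Run one request/response on loopback; return (raw_request, raw_response)."""
    listener = socket.create_server(("127.0.0.1", 0))  # port 0: OS picks a free port
    port = listener.getsockname()[1]
    captured = []
    server = threading.Thread(target=serve_once, args=(listener, captured))
    server.start()
    # Hypothetical path and form field, constructed for this example.
    request = (b"POST /profile HTTP/1.1\r\nHost: 127.0.0.1:%d\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: %d\r\nConnection: close\r\n\r\n" % (port, len(form_body))) + form_body
    with socket.create_connection(("127.0.0.1", port)) as client:
        client.sendall(request)
        response = b""
        while chunk := client.recv(4096):  # server closes after replying
            response += chunk
    server.join()
    listener.close()
    return captured[0], response

if __name__ == "__main__":
    for raw in http_exchange(b"name=Steve+Jobs"):  # constructed sample form body
        print(raw.decode(), end="\n\n")
```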
Credit for the original development of HTTP goes to Tim Berners-Lee, who came up with the idea of the ‘World Wide Web’, and his team at CERN, who developed it together with HTML (Hypertext Markup Language). The first HTTP documentation was published in 1991 as HTTP/0.9, which consisted of a single GET method. Development progressed, with HTTP/1.0 in 1996 and HTTP/1.1 in 1997.
HTTP uses TCP (Transmission Control Protocol) on port 80 to send and receive data packets over the network for Internet applications such as email, World Wide Web, file transfer, etc. However, it also uses UDP (User Datagram Protocol), which is an unreliable protocol but helps reduce network latency, as used for live streaming (not to be confused with preloaded YouTube videos).
The latest addition to the family is HTTP/2, developed by the Internet Engineering Task Force Group. This specification was approved as a proposed standard by the IESG in February 2015 and was published in May of that same year. It has been adopted by all the most popular web browsers.
What is HTTPS?
Development of HTTPS was begun in 1993 by Netscape Communications, an AOL company, maker of the famous Netscape Navigator web browser of the 1990s. Originally implemented with SSL (Secure Sockets Layer), the HTTPS protocol was later upgraded to use SSL/TLS (Transport Layer Security). It also uses TCP to send and receive data packets but uses a different port, 443.
The “S” in HTTPS stands for secure. What does that mean in lay terms? A website that uses the HTTPS protocol establishes an encrypted connection with the device. So if you try to send data to the web page, for example a name like Steve Jobs, the encrypted form will look something like ‘xkndsoumnkjbktkctfc’.
The data to be transmitted is encrypted using a public key that is used by the recipient to decrypt it. The public key is created by a server administrator or a user; it is included in a digital certificate known as an SSL certificate and is signed by certification authorities, such as VeriSign.
Most modern web browsers have built-in support for the HTTPS protocol. A web browser with integrated HTTPS support requires an SSL certificate signed by a certificate authority in order to authenticate a server or a website. You may have seen a green padlock placed before HTTPS in the Google Chrome address bar. Once you click on it, the certificate authority information for the website will be shown to you.
The HTTPS web page you visit must provide a valid certificate to your web browser in order to gain the trust of the browser. If it is unable to do so, the browser will display a warning message.
Basically, HTTPS is simply an HTTP connection wrapped in an SSL/TLS encryption layer. All of this is done to protect the integrity and privacy of the transmitted data and to ensure that it does not fall into the wrong hands while in transit. Its main purpose is to check the authenticity of the website you visit. An unsecured connection such as a public Wi-Fi network could serve as the medium for man-in-the-middle attacks and spying.
The difference between HTTP and HTTPS
Simply put, HTTPS can be seen as an advanced replacement for HTTP equipped with more security. In addition, HTTP uses port number 80, while HTTPS uses port number 443 by default, which differentiates the two types of connection.
The only intention of HTTP is to display the information on the receiving device without worrying about how the data is transmitted between the two devices. The same is true of HTTPS; its only advantage is that the packets get an additional layer of security through the use of SSL/TLS, which is also used by VPNs to encrypt data, thus protecting you from prying eyes.
Source: Fossbytes