Google has made a lot of headlines lately. The giant search engine popular enough to create a new verb in the English language plans to favor SSL encrypted websites in search results. Search engines like Google, however, aren’t the only ones pushing for a safer web. Several popular web browsers have made similar announcements, promising to ban unsecure HTTP websites in favor of the more secure HTTPS in the near future.
This move is the result of a series of factors, including Google’s announcement, the threat of POODLE attacks, and a general push for increased security online. The fact that Google’s browser, Chrome, will likely follow in the search engine’s footsteps also pushes other browsers to make changes to support the new security measures. Since phasing out unsecure HTTP addresses keeps browsers both current and secure, it’s little wonder several notable companies have joined the push. Security is by far their greatest concern. Users must feel safe using these browsers or they will gradually move to more secure options as man-in-the-middle data theft increases.
Do you ever see that little lock symbol in the address bar of your browser and wonder exactly what it’s doing? How does this “SSL” protect your data? I’m going to tell you a little story that will help understanding Secure Sockets Layer encryption a little easier.
Let’s say you have something you want to send the server over the internet that you don’t want prying eyes to have – a credit card number for example. If you just send it in plain text, anyone sitting out there with a packet sniffer monitoring traffic can find it, read it, and buy that new 50” LED TV they’ve been wanting… compliments of you! That’s where SSL comes in to play.
SSL requires a few things to work. First – there’s the box. This box will serve as the vessel to transport your secure data back and forth. But sending stuff in a box won’t make any difference if it’s not locked! To fix that, both the server and yourself generate two keys that can either unlock or lock the box: a private key and a public key. In order to get the ball rolling, you and the server trade public keys. The trick here? The public key is only used to lock the box, so we aren’t concerned with the bad guys getting it. The only way to unlock the box is with our private keys, which never touch the network.