HTTPS (30 Jul 2013)
Now we know for sure that way too many countries mistook "1984" for a training manual, including Germany.
It is about time to teach myself about security and cryptography.
Hartley Brody's
"How HTTPS Secures Connections: What Every Web Dev Should Know" happened to float by on Hacker News (IIRC) the other day. For me, it was a great starting point for
exploring this wide field.
Key learnings:
- Certificates are required to authenticate communication partners. In other words, make
sure you are really talking to your bank and not to someone who enjoys spending
spare time on building web sites which look surprisingly like your bank's.
- Following authentication, a "common secret" is established which is henceforth used
to encrypt communication contents. The magic sauce is the
Diffie-Hellman-Merkle algorithm.
Algorithms like this make it possible to exchange enough information in the open
to establish this common secret.
- For performance reasons, subsequent encrypted communication is symmetric.
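To make the last two points concrete, here is an added sketch (not code from Brody's article or from the original version of this page) of a Diffie-Hellman exchange followed by symmetric encryption under the derived key. Assumptions: the group (`P`, `G`) is a toy choice, all function names are made up for this example, and `seal`/`open_sealed` are stdlib-only stand-ins for a real cipher such as AES-GCM. The exchange by itself does not tell you who is on the other end; that is the certificates' job.

```python
import hashlib, hmac, secrets

# Toy group (assumption for this example): 2**255 - 19 is prime and short to write.
# It is NOT a vetted Diffie-Hellman group; real TLS uses standardized groups or curves.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2               # 2 <= x <= P-2
    return x, pow(G, x, P)

def shared_key(my_private, peer_public):
    """Combine own private value with the peer's public value into a 32-byte key."""
    # Reject degenerate values (0, 1, p-1, out of range) that force a predictable secret.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("invalid peer public value")
    secret = pow(peer_public, my_private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def _keystream(key, nonce, length):
    # SHA-256 in counter mode, a stand-in for a real stream cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(b"enc" + key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Symmetric encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    """Verify the tag first, then decrypt; raises ValueError on tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def demo():
    c_priv, c_pub = keypair()                      # browser side
    s_priv, s_pub = keypair()                      # server side
    # Only c_pub and s_pub cross the wire; the private exponents never leave each side.
    k_client = shared_key(c_priv, s_pub)
    k_server = shared_key(s_priv, c_pub)
    blob = seal(k_client, b"GET /account HTTP/1.1")   # constructed sample message
    return k_client == k_server, open_sealed(k_server, blob)
```
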
Which pushes the following items on my reading/viewing list:
Revision: r1.7 - 31 Aug 2013 - 21:43 - ClausBrod