HTTPS (30 Jul 2013)

Now we know for sure that way too many countries mistook "1984" for a training manual, including Germany. It is about time to teach myself about security and cryptography.

Hartley Brody's "How HTTPS Secures Connections: What Every Web Dev Should Know" happened to float by on Hacker News (IIRC) the other day. For me, it was a great start to start exploring this wide field.

Key learnings:

  • Certificates are required to authenticate communication partners. In other words, make sure you are really talking to your bank and not to someone who enjoys spending spare time on building web sites which look surprisingly like your bank's big grin
  • Following authentication, a "common secret" is established which is henceforth used to encrypt communication contents. The magic sauce is the Diffie-Hellman-Merkle algorithm. Algorithms like this make it possible to exchange enough information in the open to establish this common secret.
  • For performance reasons, subsequent encrypted communication is symmetric.

Which pushes the following items on my reading/viewing list:



When asked for a TWiki account, use your own or the default TWikiGuest account.


Revision: r1.8 - 26 Sep 2013 - 16:09 - ClausBrod
Blog > DefinePrivatePublic20130730Https
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback