Site moved to secure https protocol

Site moved to secure https protocol

In some services, for example, in electronic payment systems, data protection is extremely important, so they use only HTTPS. This protocol is also very often used in other services that process private information, including any personal data. Many Yandex services work only on the HTTPS protocol: Passport, Mail, Direct, Metric, Taxi, Yandex.Money, as well as all forms of feedback dealing with personal data of users.

All modern browsers support the HTTPS protocol. It does not need to be specially tuned - it is automatically included in the process, when it is necessary and possible.

Why HTTPS is safe
Secure data in HTTPS is provided by the cryptographic protocol SSL / TLS, which encrypts the transmitted information. In fact, this protocol is a wrapper for HTTP. It provides data encryption and makes them unavailable for viewing by outsiders. The SSL / TLS protocol is good because it allows two unfamiliar network members to establish a secure connection through an unprotected channel.

Suppose today is the last day of the month, and you remember that you need to pay for the Internet. On the provider's website you find the right link and go to your personal account. All the transmitted information you probably want to keep secret, so it must be encrypted: this is your password, and the amount of payment and credit card number. The problem is that initially your computer exchanged data with the provider's server through an open channel, that is, over HTTP. How can you establish a secure connection over HTTPS in such conditions, assuming that the channel is always listening? To do this allows a simple mathematical trick.

How does a secure connection work?
Imagine that you want to transfer something to another person. You put it in a box and mail it. And so that the courier - or anyone else - does not steal it, you lock the box to the lock. The courier delivers the box, but your addressee can not open it - it does not have a key. Then he hangs his lock on the box and sends it back to you. You get a box under two locks, take your own - now it's safe - and send again. The addressee finally gets a box on which only his lock hangs, opens it and takes out what you sent him.
 It was necessary to exchange with the interlocutor the ciphered messages. In the box you sent him the key to the cipher, and now he is known to both of you. Now you can openly exchange encrypted messages, without fear that someone will intercept them - still they can not be understood without a key. Why such complexity and why it was impossible to transfer the parcel separately, and the key to the lock separately? Of course, it was possible, but in this case there is no guarantee that the key will not be intercepted and someone else will not open the package.
A similar principle is based on the operation of the SSL / TLS protocol. When setting up a secure HTTPS connection, your computer and server first select the shared secret key, and then exchange information by encrypting it with this key. The shared secret key is generated anew for each communication session. It can not be intercepted and almost impossible to pick up - usually this number is more than 100 characters long. This one-time private key is used to encrypt all communication between the browser and the server. It would seem that an ideal system that guarantees absolute connection security. However, for complete reliability, it lacks something: a guarantee that your interlocutor is exactly who he claims to be.


There are no comments yet

Leave a Comment

Пользовательское соглашение

^ Go up