By now you may have heard that a secure website starts with HTTPS and not just HTTP, and you have been making sure the site is secure when you access certain resources or post sensitive data. That is well and good, but there seems to be a misconception that secure automatically means a legitimate or authentic site. It does not.
Just because a website uses HTTPS doesn't automatically make it the authentic and legitimate site. So what is the difference? To understand the difference, let us first make sure HTTPS is understood in its basic meaning.
In the annotated screenshots of the Chrome and Firefox browsers, the browser designers and developers decided that there should be an indicator showing that a site uses encryption. You can see that the ones using HTTPS have a padlock icon or the text "Secure", and the HTTPS string (the protocol) is shown in green. And what does it indicate?
It indicates that data is encrypted during transport from your browser to the server. So why is it said that the data is secure? It is said so because, theoretically, the only ones who can read the data are the browser it is sent from and the server it is sent to, and vice versa. It does this by applying a method of writing the transmitted text that makes it unreadable to those who don't know the method (or, in practice, don't hold the key).
Let's apply it to old-school message sending. We can liken encryption to the process of writing the text in a certain method, and that certain method is called the cipher. Wait, what is a cipher? A cipher is the algorithm, or the way, used to make the text hidden or unreadable.
The cipher is the algorithm or method of writing data or text in such a way that it is only readable to those who know the cipher or are intended to read it.
Shift+Substitution Cipher
Among the most basic ciphers is the shift substitution cipher. As the name indicates, it shifts and substitutes one thing for another. To implement it, one can have a table which maps out the characters and states some basic rules. Let's attempt to simplify this. Take, for example, the alphabet, the numbers, and a few characters like period, dash, comma, exclamation mark and question mark, and use a shift of 5 characters.
This would then mean that when we write "Hello!", we have to write it as "MjqqtD".
You can clearly see how it adds to the security of the data from sender to receiver. Of course, this is a very rough explanation of what a cipher is.
HTTPS Usage Intent
As you can see, the intended use of encryption is not to tell which site is legitimate but simply to make the message difficult, or extremely difficult, to read for those who do not know which cipher is used or do not have the proper key to decipher it.
Alternatively, you can think of the unencrypted (unsecured) web as an open letter that everyone is free to read, versus a sealed envelope sent directly to the intended recipient and readable only by the person addressed on the letter. The sealed letter and the cipher used to write the letter can together be called encryption.
How HTTPS Was Perceived As Synonymous to Legitimate Sites
If you have read this far, we're sure you are already wondering why there was a point in time when it appeared that using HTTPS meant you were on the right site. We're pretty certain that the people who sold that idea were not technical people. So listen up! The reason behind it is that it was costly to purchase a security certificate for a website in order to implement encryption.
Selling security services and actually implementing, designing and developing the service are fields with very different language. Sales and marketing often take "creative liberties", whereas people in the engineering and development arena are more stringent in adhering to definitions. A mistake in sales may mean a loss of money, while a mistake in engineering could mean a loss of life.
What is HTTPS
So, to cut the story short, HTTPS is simply the application of the security practice of encrypting data sent and received back and forth through the Hyper Text Transfer Protocol (HTTP); hence the S in HTTPS. It does not imply the authenticity or legitimacy of the site's claims or of the service it offers.
What Now
It is in our best interest that legitimate sites implement encryption, or HTTPS, throughout their website, but everyone must understand that it does not in any way lend or verify the legitimacy or authenticity of a website's claims about its functionality or features.
We suggest you read the articles in our blog to help make yourself a more informed netizen and avoid the dangers on the internet.
