HTTPS: What does it hide?
Asked by
tonedef (
3935)
November 21st, 2008
I use all Google services through https, but I’m not sure how much of my information this actually protects. How much of my traffic through Reader, GMail, and Notebook is interceptable? If this would be too complex to explain on Fluther, a finger pointed to a more comprehensive resource would be great. Thanks, techies.
Observing members:
0
Composing members:
0
2 Answers
HTTPS hides all the information that’s sent in the HTTP transaction. It doesn’t hide the fact that you’re connecting to a Google server. And it only hides the information that’s sent as HTTPS—typically, GMail uses HTTPS to protect the transaction where you send your username and password, but after that, nothing is actually encrypted.
And even with HTTPS, your network traffic is interceptable—it just isn’t possible to decrypt it in a reasonable amount of time.
HTTPS doesn’t hide anything, it allows encrypted data to be sent between a server and client computer. Hiding it would suggest it tricks would-be attackers from knowing about the data’s existence at all. I like wikipedia’s explanation of it as a ‘digital handshake’ (linky). If you’re using a site which uses https, all data you submit (and most of what you receive) will be sent through this encrypted ‘digital handshake’.
On the subject of intercepting that data, I couldn’t try to word it better than the wiki page: “https only protects data in transit from eavesdropping and not man-in-the-middle attacks. Once data arrives at its destination, it is only as safe as the computer it is on. Gene Spafford states that it is like ‘using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box.’”
Answer this question
This question is in the General Section. Responses must be helpful and on-topic.