Why not https everywhere? [closed]

-1

So https is supposed to be more secure than http (encrypted), so why isn't https used everywhere? Wouldn't it make the web a safer place? What could be the reason https is not implemented when it improves security?

    
by user12042 11.05.2014 / 13:36

1 answer

3

I couldn't resist a copy-and-paste answer this time. Read this detailed explanation (I am not the original author; here is a link to the source).

There are a couple of reasons. First, let me explain the difference: http sends everything you do in plain text for anyone to read.

https encrypts everything you do so that no one can read what you type but the recipient.

The problem with encrypting data is that you can't just encrypt it and say only Yahoo can read it. Both you and Yahoo have to have a secret key so that Yahoo can decrypt what you sent and encrypt private stuff for you to read.

This is accomplished by an encryption scheme known as public key. Yahoo puts out a public key so that everyone can encrypt stuff that only Yahoo can read. It's like a one-way key: you can package stuff up and send it to Yahoo so that they can read it with their private key, but someone with a public key can't see what you encrypted.

So you package up a key for Yahoo to use to talk to you and you are all set.

WHY ALL internet communication isn't done like this is because of what is known as the man in the middle attack, and its solution.

It's quite simple to pretend to be yahoo.com if you know what you're doing. So I pretend to be Yahoo and all traffic you think is going to Yahoo comes to me. You ask me for my public key, I respond back with a fake public/private key pair that I made, then I ask Yahoo for their public key, and everything you do, I do; I just watch for anything interesting like credit cards etc., and you are none the wiser.

We solved this problem by using what is called a certificate authority. A CA is someone who you pay to vouch for you; Verisign and GoDaddy are the biggest. So every time you make an https connection to Amazon you go to a CA and they come back with Amazon's public key. And everything is hunky-dory. With the exception that this slowed you down considerably, yahoo.com has to pay a CA bill every month, and joesmoh.com has to go through a lot of rigmarole to set all this up.

And finally I will answer your question: so the reason is it would make everything slow, more expensive and more complicated to use exclusively https.

Plus, trying to get information from internet traffic once it is out of your local network is like trying to carjack someone on a freeway going 500 miles an hour. Enough security for your typical fried chicken recipe.

Complicated answer but you asked a complicated question.

    
by 11.05.2014 / 13:40
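
The vouching step described in the answer above can be modelled offline. The following is an added example, not part of the original post or its quoted source: a client that already holds the CA's public key accepts the site key the CA signed and rejects a key substituted by an interceptor. It uses toy textbook RSA over small fixed primes (not secure), and the function names, keys and certificate layout are assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA over fixed Mersenne primes: illustration only, not secure.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (needs Python 3.8+)
    return (n, e), (n, d)              # (public key, private key)

def cert_digest(name, subject_pub, modulus):
    # Hash the site name together with the public key being vouched for.
    data = f"{name}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def sign_cert(signer_priv, name, subject_pub):
    # Hypothetical certificate layout: name, subject key, signer's signature.
    n, d = signer_priv
    sig = pow(cert_digest(name, subject_pub, n), d, n)
    return {"name": name, "pub": subject_pub, "sig": sig}

def client_accepts(ca_pub, expected_name, cert):
    # The client trusts only the CA public key it already holds.
    n, e = ca_pub
    if cert["name"] != expected_name:
        return False
    return pow(cert["sig"], e, n) == cert_digest(cert["name"], cert["pub"], n)

# Constructed keys for the three parties (values chosen for this example).
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
SITE_PUB, _ = make_keypair(2**31 - 1, 2**61 - 1)
MITM_PUB, MITM_PRIV = make_keypair(2**17 - 1, 2**19 - 1)

def run_scenarios():
    genuine = sign_cert(CA_PRIV, "yahoo.com", SITE_PUB)
    swapped = dict(genuine, pub=MITM_PUB)  # key replaced, CA signature reused
    self_signed = sign_cert(MITM_PRIV, "yahoo.com", MITM_PUB)  # not CA-signed
    return {
        "genuine": client_accepts(CA_PUB, "yahoo.com", genuine),
        "swapped_key": client_accepts(CA_PUB, "yahoo.com", swapped),
        "self_signed": client_accepts(CA_PUB, "yahoo.com", self_signed),
    }

if __name__ == "__main__":
    for case, ok in run_scenarios().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```
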
