0

Possible Duplicate:
How is it possible that people observing an HTTPS connection being established wouldn’t know how to decrypt it?

Alice connects to Bob's site via a TLS secured connection (for instance, HTTPS is being transmitted). Eve has full eavesdropping ability for all packets being transmitted on the network.

Would it be possible for Eve to decrypt the TLS secured connection? If she is not able to do so, why?

Thanks!

Brett

1 Answer

4

Suppose you want to send a letter to your friend. The content is secret, so you use a box that has a special feature. Both of you will have a pair of keys to lock and unlock the box: a Public Key and a Private Key. The box can be locked using the first key, the public key, but to open the box you need to use the second key, the private key.

Now, if you want to send a message to your friend, you can ask for his public key. He will give you his public key. His private key is not shared with anyone. When you receive the public key, you put your message in the box and lock it using your friend's public key. If you try to open the box using the same public key, it won't work because of the security feature of that box. You send the box to your friend. If somebody tries to eavesdrop on the box, they can't. It is not possible because the private key is not known to anybody except your friend. And don't think of breaking the private key by trying all key combinations. The algorithm used to lock and unlock the message is very strong, and it will take a million years to unlock if somebody tries to check using all the keys. The eavesdropper can get two pieces of information: who the sender is and who the receiver is. All other information is hidden in that box. This is a simple scenario of how TLS works. If your friend wants to reply to you, he will request your public key, lock the message using that key, and send it to you. When you receive the message, you will unlock it using your private key.

When you are using a website over HTTPS, your information, including the URL, query string, contents, username and password, is encrypted using the receiver's public key. And the reply from the website is encrypted with your public key. Your public and private keys are managed by your browser. So the content you are sending to the website is only decrypted by the web server, and the reply to that request is only decrypted by your browser. No one else in the world can view or edit that content. For more information you can Google Public Key Cryptography.

sujeesh
  • Thanks for the useful details, @sujeesh. Makes a lot more sense than the linked question/answer. – Brett Jan 21 '13 at 22:31
  • @Brett if you want far more details, please Google the following keyword: Public Key Cryptography. Then search for what SSL and TLS are, then go for what HTTPS is. HTTPS is nothing but HTTP with its contents encrypted using SSL or Public and Private keys. – sujeesh Jan 22 '13 at 05:14
  • Note: now you know you are talking to *somebody* securely, but you have to also make sure that it's really your friend! – user253751 Oct 25 '21 at 16:13
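
The lock-and-unlock behaviour of the box described in the answer above, as an added example that is not part of the original answer or comments. It uses textbook RSA without padding in pure Python only to show the key asymmetry; the function names and the sample message are assumptions made here, and real deployments use padded, standardised schemes instead.

```python
import secrets

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if is_probable_prime(c):
            return c

def make_keypair(bits=1024, e=65537):
    """Return (public, private) as ((n, e), (n, d))."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def apply_key(key, value):
    """Lock or unlock the box: modular exponentiation with the given key."""
    n, exponent = key
    return pow(value, exponent, n)

def demo(message=b"meet at noon"):  # constructed sample message
    public, private = make_keypair()  # the friend's keys; only `public` is sent
    m = int.from_bytes(message, "big")
    box = apply_key(public, m)  # sender locks with the friend's public key
    eve_view = {"public_key": public, "box": box}  # all an eavesdropper sees
    eve_try = apply_key(eve_view["public_key"], eve_view["box"])  # same key again
    opened = apply_key(private, box)  # friend unlocks with the private key
    return m, eve_try, opened
```

`demo()` returns the original message, the eavesdropper's result and the friend's result as integers; only the friend's result equals the message.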