http vs https | How SSL (TLS) encryption works in networking ? (2021)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

so now this particular server will use the private key asymmetric private key hello friends welcome to itk fund a your own channel where we make it interesting for everyone and in this video we will understand about the differences between http and https protocol and what exactly is ssl encryption which makes https more secure than http we'll understand all this yet again with an easy to understand example so without wasting any more time let's get started please subscribe to my channel and hit the bell icon so friends i hope you are already aware of what http stands for but if you don't it is hyper text transfer protocol it is a layer 7 protocol which enables a client browser to interact with and communicate with a web server and this particular protocol enables you whenever you type anything on your website for example if you are typing http coolant google.com then this particular protocol enables you to contact the google web server and get all the relevant information from from that particular server so what are the features of http so first of all http sends your data and gets your data in plain text what does that mean that means that if you are accessing uh you know maybe your banking site for example uh although it you will not be able to do it because it's always secure now but if suppose you are accessing anything over http over a public wi-fi there is a very good chance that someone might be you know sniffing into that particular communication and might get the sensitive data whatever you are entering on the browser so that's why http is very very insecure and it could be very very easily hacked and that's why https has now come into picture and almost every website every company now has their http https urls which can be accessed by everyone but before we go on to https let's first understand some features of http so first of all as i said it sends your data and receives the data in plain text then it is a layer 7. so what what what do we mean by layer 7 protocol layer 7 protocol you can understand if you have understood what is osi model what is osi what are different osi layers the 7 layers of osi model you can watch that video i'll give you a quick nugget which i created for remembering this particular all the seven layers of osi which is all people should try new domino's pizza all people should try new domino's pizza now you can remember it as application layer presentation layer session layer transport layer network layer data link layer and at the end the physical layer so when i say layer 7 that means that http protocol is right at the top of that particular hierarchy and it resides at the application layer i also told you that it is very insecure because there is no security inbuilt and everything which we are communicating happens over plain text one good thing about http is it is very lightweight and that's why it gives you better performance because uh you know you do not have any encryption what whatever we will understand in stp https but in http you do not have all those mechanisms to secure the data and that's why the whole protocol is very lightweight so friends now let's understand what is https and how it is more secure than http so when you are talking through https you have an additional layer of security which is provided through ssl or tls protocol which is transport layer security or secure socket layer secure socket layer was the previous versions of this protocol but now the later versions are tls but these two terms are used uh interchangeably so uh always remember that https uh you can consider it a you know younger cousin of http with an uh you know an overlay of tls or ssl uh protocol so how exactly it works so in https first thing which you will notice whenever you are opening a bank website or maybe any any good website which needs to be secured you will always see a green padlock on the browser that itself indicates that now you are entering https uh you know protocol and through that you are entering uh into a secure communication channel how it is secure because now the data is not going through plain text it is getting encrypted and decrypted and while it is on the network uh you know no one can could see through what exactly is happening on what exactly or you have sent the information or what you are getting from the server so suppose you send an information like abc then it will you know get encrypted while on the network and then it will be decrypted on the server side and when server responds with a reply of xyz again it is encrypted and decrypted so someone who's sitting here uh trying to you know do some sniffing on this particular network then this particular person won't be able to understand what is being sent although he will understand which particular server you are targeting which port you are listening to what amount of data the size of the data or the duration with the duration for which you are you know opening that channel all that information he can still get but he will not be able to understand or decrypt this particular data which is sent again uh you can hack pretty much everything uh today so there is a concept like ssl stripping wherein you know the you might you know it might indicate to you that you are entering https but then using ssl stripping you might be redirected to an http page so there are various ways to hack things but uh you know as per uh https protocol if you you know send any information over the network it is very very secure compared to uh your its http cousin and how it becomes secure because it uses ssl certificates and these ssl certificates are you know are signed through a certificate authority and that particular certificate uh authority uh you know is installed on the browser browser should understand that okay this is a legitimate certificate and only then that communication channel is open so we will understand for encryption in more detail in a while but just uh run through let's run through some features of https so first of all as i said it encrypts data using ssl or tls protocol then it is a layer 4 transport layer protocol unlike a layer 7 of http then there is a public and private key exchange for encrypting and decrypting data it is heavier than http so obviously when you are adding more layer of security when you are adding you know more additional encryption decryption uh on to this particular http protocol it's it is tend to be become heavier so uh if you are looking for very good performance then you know there is some sometimes you know the websites which are non-critical which host non-critical data uh then those websites might redirect you to http protocol but still now more and more all the websites are encouraged to go only via https then one thing which i missed previously was the default port the default port on which http protocol listens to is port 80 on any server while for https it is port 443 so friends let's take a real life example to understand how encryption and decryption exactly works suppose we are in 1970s or 60s when there is only letters uh to share your feelings with each other and there is this boy trevor who wants to uh share his feelings to maria but at the same time he wants only maria to understand what he is writing and he writes in a letter four lines and those four lines were not a direct proposal it was an indirect encrypted message for maria he writes roses are red sky is blue do you see the same what i see in you and when this letter goes to maria maria decodes it decrypts it and writes back replies and maria replies roses are red sky is blue i thought you knew that yes i do so this is encryption encryption guys in a more loving way right so similarly when you are doing encryption and decryption there is some message which is being sent and only the only the server with which that particular message can be decoded to can decode that message now how it happens through ssl encryption will understand with the help of yet another uh example so friends if you don't like the tutorial at least hit the like for the poetry everything so guys now we will understand how exactly ssl encrypts our decrypts data for https protocol so as we discussed earlier ssl is secure socket layer or tls transport layer security and there are basically two types of ssl encryption asymmetric and symmetric so what is asymmetric and what is symmetric encryption in asymmetric uh encryption you have two keys one public key and other is the private key so the server gives the public key to the client or the browser with which the communication is happening and then the encryption happens with the help of the public key but the decryption happens with the server's private key this particular private key is only with this particular server no one else has it so that's why asymmetric encryption is more stronger and more tougher to crack because it has two different keys working together to secure the data now that's why the size of this particular encryption is of one zero two four and two zero four eight bits because you need to maintain a public key and apply private key separately to encrypt and decrypt the data so this is asymmetric uh encryption in symmetric encryption it is a simpler form of encryption wherein you have only one key and that one common key is given to the client and the same key is used by the server for uh decryption of the data so uh the this particular common key will be given to the you know client and then using this key only the encryption will happen and the same key will be used for decryption so again this is a simpler way uh to you know encrypt and decrypt the data and that's why it is lightweight it is only 128 and 256 bits and relatively easier to break but by no means it is less useful so whenever you are doing ssl encryption generally we combine asymmetric and symmetric together and then the whole communication becomes quite robust and secure so now let's understand how this whole communication flow happens using asymmetric and symmetric encryption so friends now let's understand how ssl encryption works using symmetric and asymmetric keys please pay attention because it might be slightly confusing i'll try to explain it slowly just try to understand okay so in step one the server will send over the asymmetric public key to the browser as i said asymmetric keys has public key and the private key so the public key will be sent to the browser now browser will generate a symmetric session key now as i said symmetric encryption only has single key okay for the server and the client so now what browser will do browser will generate a local session key symmetric encrypt encryption based session key and it will encrypt it because this session key will be you know generic key how it will be encrypted so it will use the public asymmetric public key which was given in step one combine it with the locally generated uh you know session key and then encrypt this particular key and send it in step two to the server now in step three server will take that particular you know key which has come in and how it will now decrypt it now this particular browser has used the public key but the server will use the private key to decrypt the encrypted session key which has come to um you know to it so now this particular server will use the private key asymmetric private key to decrypt the session key which has come in so in step 3 once this particular decryption happens from step 4 onwards the server the browser and the server can communicate using that particular session key are using encryption and decryption of that particular session key and that particular session key will last only for that particular session okay if you close the browser or if you log in the next day then you have to run through this whole communication channel again and again the session key will be created so friends i hope you now know a bit more about http https what s stands for in https how it is more secure how encryption decryption works using symmetric and asymmetric keys so if you did please hit the like button hit the subscribe button and the bell icon so you exactly know when i upload my next video let me know in the comment section what you would want to learn next i try to make videos in best of my capacities whatever i know i try to share with you all so yes do let me know what you would want to learn next and if i know anything about it i'll i'll be more than happy to share with you all so until next time please keep learning guys keep growing and yes keep hustling bye for now

Info

Channel: IT k Funde

Views: 12,550

Rating: 4.9751859 out of 5

Keywords: http, https, httpvshttps, what is http protocol, what is https, what is ssl, how SSL works, Secure Socket Layer, Transport Layer Security, SSL vs TLS, What is TLS, HTTP, HTTPS, HTTPvsHTTPS, Which is better http or https, https vs https for beginners, http/https explained, SSL explained, what is ssl certificate, how https works, secure socket layer, transport layer security, difference between http and https

Id: eWdPWSBKxso

Channel Id: undefined

Length: 14min 24sec (864 seconds)

Published: Wed Apr 28 2021