We work on a & nb p; secure protocol
Imagine this situation. You have a website located on an external server. You, as an administrator, perform certain actions on it, connecting under a certain login and password. The second situation. You are a user of Web Money or similar.
To perform actions with your wallets you need to connect to the system. What can happen during such connections? If someone is between your computer and the server, he will be able to intercept (sniffer) the data transmitted by you and you, select from them information that can give access to your server or wallet and perform actions that will harm you.
What to do and how to protect yourself from such a situation? One option is to work on a secure protocol. Secure protocols operate at different levels and use different encryption algorithms. The client and the server interact in such a way that any third party, looking at the flow of messages on the network, could not figure out what information the client and server exchange between themselves. Authentication using special certificates allows you to be sure that the data has not been altered or tampered with.
Several protocols have been developed to create secure connections. Secure Internet communications can be implemented using a number of protocols such as Secure Socket Layer (SSL), Secure HTTP (SHTTP), and Private Communications Technology (PCT). They ensure the security of communication channels between the Web server and the browser and identify either the browser or the server. There are several implementations of secure protocols, but in order for an overwhelming number of Web browsers to work with your system, it still needs to support the SSL protocol, as it is the most common today. Often for its designation and selection among others the abbreviation HTTPS is used. It is this Latin letter “s” that turns a regular, unprotected data transmission channel on the Internet via HTTP, into a secret or protected one.
SSL was introduced by Netscape Communications Corporation in 1994. Then the second version was presented, in which the security of the channel was provided over the transport protocol level (for example, TCP), and the application programs worked over SSL. SSL provides data protection by encrypting its messages, as well as checking the integrity of messages and server-side authentication and, optionally, client-side authentication. Two years later, the third version of this protocol was introduced, in which support for encryption and key exchange algorithms was expanded.
SSL provides a “secure channel”, which has three basic properties:
Communication security. After the initial handshake, the encryption is applied and the secret key is determined. To encrypt data using the means of symmetric cryptography (for example, DES, RC4, etc.).
A participant in a communication session can also be identified using common keys, that is, using asymmetric cryptography tools (for example, RSA, DSS, etc.).
Reliability of communication. Vehicles conduct message integrity checks using an encrypted integrity code (MAC). Safe hash functions (for example, secure hash algorithm (SHA), MD5, etc.) are used to calculate the MAC codes.
The purpose of the SSL protocol is to ensure the security and reliability of communication. The main purpose of the SSL protocol is to ensure the security and reliability of communication between two applications connected to each other. This protocol consists of two levels. The lower layer that sits on top of the transport protocol (for example, TCP) is called SSL Record Protocol. SSL Record Protocol is used to embed various high-level protocols and provides a basic set of security features and support for the following two services for SSL connections: confidentiality and message integrity. One of these built-in protocols, the SSL Handshake Protocol, allows the server and client to identify each other and negotiate the encryption algorithm and cryptographic keys before the application protocol exchanges the first data bits. One of the advantages of SSL is that it is independent of application protocols. The high-level protocol can be completely transparent over SSL.
Another important advantage of SSL is its full software-platform independence. The protocol is developed on the principles of portability, and the ideology of its construction does not depend on the applications in which it is used.
SSL protocol consists of several levels. At each level, messages have a number of fields for specifying length, description, and content. SSL takes the data to be transmitted, divides it into managed blocks, compresses the data (if necessary), uses the MAC code, encrypts it, and sends the result.