What Is SSL
SSL stands for Secure Sockets Layer, and today is called TSL or Transport Layer Security. It is a common way to create secure connections between websites and computers so that important information, such as Credit Card Numbers, are not able to be read while the data is being transferred. This does not protect one from malicious sites that are trying to steal information but it does prevent malicious individuals from interfering with transmissions to and from sites you trust.
Some people worry that transmitting any credit card information over the Internet is dangerous and that encryption is not safe. While it is true these technologies are not perfect they are extremely good. Keep in mind that your home phone service is not encrypted at all, yet it is common to state social security numbers and credit card numbers over the phone. Internet encryption is really very good. One valid question however is how secure is your high speed wireless internet connection or WiFi. A determined individual can use technology called packet sniffing and eventually get your WiFi password unencrypted. This in and of itself would only allow access to your WiFi network, however if you use this password for other accounts it could potentially allow them access to these as well. If someone has your WiFi password they still do not have access to the data within your SSL connection.
So how does SSL make you secure?
SSL uses key exchange authentication. Say for instance you had a letter to a friend and you changed all the letters to different ones because your friend had a decoder ring that told them what letters to use to read the letter. That decoder ring is a key; it tells your friend how the data is encoded. SSL uses key exchange; it allows to people who trust each other to exchange keys used to encrypt data so that only they can read they data transmitted. If you had to mail your decoder ring to your friend there would be a chance that someone could snag the decoder out of the mail. So if only one key was used this chance would exist on the Internet. With key exchange there’s two decoder rings. One is used to encode the transmission but a separate one is required to decode the transmission. The encoding key is given to the public. Anyone can encrypt data to send to you. The private key however is required to decrypt the data, which only you have. So basically instead of giving your friend a decoder ring you give an encoder ring; then any message your friend sends to you only you can decode. Likewise your friend gives you his public key so you can encode messages that only he can decode. There’s no security risk of someone having the public key since they require the private key to decode.
You may have heard of different types of keys such as 64 or 128 bit. The reason for this is that even with your encrypted message there exist a chance someone could simply use raw computing power and some very smart guessing to try to figure out your full key. The longer the key is however the more difficult this is. Thus a 128-bit key (which is a longer key) is more secure than a 64 bit one.
All in all SSL/TS is extremely secure, and has never been used to steal information. It’s a great safe way to enable transactions on the web between folks who trust one another. If you do not trust the person you’re exchanging information with SSL cannot help you, and you should always be sure who you are sending your personal information to, and that they will treat this information sensitively.
