Monday, January 12, 2015

Encryption and Internet Security

The nuts & bolts of the internet may be for geeks, but in the world of e-commerce, ordinary folk constantly face gratuitous emails. Here is one that dropped in today -

Dear Customer XXXX  maintains the highest standards of safety and security on its online trading platform. It undertakes continuous assessments and has precautions in place to ensure that the website's operational readiness and security are not compromised for any reason. Researchers have found that a version (3.0) of a component (SSL) on web browsers which secures your connection is not secure. Hence, ever committed to secure your browsing experience, XXXX will only support higher versions of this component, i.e., TLS 1.0 and above with effect from 21-Nov-2014. This will not affect your trading experience on the  XXXX platform. However, it is strongly recommended to update your browser to its latest version specially if you are on older versions of Internet Explorer (versions 6 and below) and Opera (version 4 and below) to ensure un-interrupted and secured trading. Meanwhile we would request you to kindly change the browser settings as given here to enable TLS 1.0. Please contact our customer care for any assistance. 
Thanking you XXXX

Now what on earth is SSL and TLS?  How can I be sure that one is better than the other?

It seems SSL stands for "Secure Sockets Layer", an encrypton system launched in 1994 by Netscape. It encypts data in a 40-bit or 128-bit format, and sends it across to a sever which has the 'key' to decoding it, based a SSL Certification system.

TLS on the other hand, is "Transport Layer Security" which is based on Netscape's SSL, but, somehow, supersedes it. Like SSL it starts with a system involving an Asymmetric Protocol involving two unequal parts - a 'public key' (in your PC), and a 'private key' (in the vendor's server), but then adds a new layer involving a Symmetric Key, shared like a private secret or a special "handshake". This apparently makes it a bit more difficult for hackers to steal your passwords.

So, until XXXX comes with an email warning that TSL too has been compromised, we shall sing peans to TSL.

* SSL -
* SSL- Your key to e-commerce security --
* TLS:
* ICICIDirect - directions for enabling TSL 1.0

No comments: