I recently came across the issue of latency differences between HTTP and HTTPS. It got me curious and I started looking into it. To give a quick introduction to those who are new to this, HTTP stands for Hypertext Transfer Protocol and it’s a protocol for communication over the internet. Whenever somebody types something into the address bar on their browser, the browser understands the address and displays the appropriate thing. When you look at the address bar, you usually won’t see the address beginning with “http” because modern web browsers hide it. If you copy that address and paste it into a text file, you will see the full address starting with “http”. The problem with HTTP is that it is susceptible to wiretapping and other kinds of attacks. So people came with a solution and introduced HTTPS. HTTPS stands for Hypertext Transfer Protocol Secure. As the name suggests, it is secure! It’s the same HTTP protocol layered with a security protocol. Now that brings us to the main question. Will this affect the internet speed in any way? Will this be an issue when we are dealing with large amounts of traffic on the internet? Continue reading “HTTP vs HTTPS: Latency Comparison”
Tag: Hacking
Why Do We Need Two-Factor Authentication?
In the last couple of years, we have encountered quite a few security breaches. A lot of internet companies are being targeted with these kinds of attacks. One of the most common forms of online transactions is that you have an account that’s protected with a password. So whenever you want to access your account, you just enter your username along with the password. But the problem is that this is breakable! As in, people can technically break into these accounts. So people started thinking about different ways in which this could be prevented. Of course, choosing better passwords would help, but we need to way to fundamentally improve the security. How exactly do we do it? Do we just choose bigger and better passwords or is there something new we can do? Continue reading “Why Do We Need Two-Factor Authentication?”
Elliptic Curve Cryptography: Part 4/4 – How Do We Use Elliptic Curves?
In the previous blog post, we discussed about elliptic curves and saw what they look like. We also looked at some of their special properties that enable it to be a good trapdoor function. But this is still very mathematical, right? The curves are great to look at and we understand general concept of elliptic curves, but how do we use them in real life? The curves denoted by those equations don’t represent the curves that are used in cryptography. In the real world, things are digitized. We need to convert things into bits and move them around quickly. So how do we do it? Continue reading “Elliptic Curve Cryptography: Part 4/4 – How Do We Use Elliptic Curves?”
Elliptic Curve Cryptography: Part 3/4 – What Is An Elliptic Curve?
In the previous blog post, we discussed why RSA will not be sufficient anymore. We looked at how machines are getting stronger, and that we cannot rely on factorization as our primary mathematical foundation. We also talked a bit about what we are looking for in our new system, and then said a quick hello to elliptic curves. In this blog post, we will see what elliptic curves are. As always, we will keep the equations to a minimum, and instead, try to understand the underlying concept. Let’s go ahead, shall we? Continue reading “Elliptic Curve Cryptography: Part 3/4 – What Is An Elliptic Curve?”
Elliptic Curve Cryptography: Part 2/4 – Why Do We Need It?
In our previous blog post, we discussed public key cryptography and how it works in general. The RSA is so powerful because it comes with rigorous mathematical proofs of security. The authors basically proved that breaking the system is equivalent to solving a very difficult mathematical problem. When we say “difficult”, what it means is that it would take trillions of years to break it even if all the supercomputers in the world were to work in parallel. By the way, this is just one encoded message! The problem in question here is prime number factorization. It is a very well-known problem and has been studied for a very long time. So if it’s such a difficult problem, why do we need something new? What’s the problem here? Continue reading “Elliptic Curve Cryptography: Part 2/4 – Why Do We Need It?”
Elliptic Curve Cryptography: Part 1/4 – Why Should We Talk About It?
Elliptic curve cryptography is one of the most powerful techniques used in the field of modern cryptography. Just to be clear, elliptic curves have nothing to do with ellipses. I agree that the name can be slightly misleading, but once we discuss what elliptic curves are, it will become much clearer. So as you may have already guessed, elliptic curve cryptography (ECC) is based on the properties of elliptic curves. ECC is very useful in internet security and it is being deemed as the successor to the almighty RSA crypto system. If that didn’t make sense to you, don’t worry! We are going to discuss everything in detail. A lot of of websites are increasingly using ECC to secure everything like customer data, connections, passing data between data centers, etc. So what makes ECC so special? Is it strong enough to take over the world? Continue reading “Elliptic Curve Cryptography: Part 1/4 – Why Should We Talk About It?”
How To Deal With Buffer Overflow
You must have encountered the word ‘buffer’ somewhere in your life. In everyday usage, buffer refers to something that acts as an intermediary between two things that don’t get along. It’s a shield which moderates the impact of one thing over the other. In the programming world, buffer refers to an area where we temporarily store data before moving it to another place. Perhaps the most famous example would be copy-paste. When you copy something, it is stored in the buffer until you paste it somewhere. This concept is used extensively while building software systems and it’s important to make sure that the buffer behaves nicely at all times. Now you might ask, what does buffer behavior refer to? Why would it not behave nicely at all times? Continue reading “How To Deal With Buffer Overflow”
Forward Proxy vs Reverse Proxy
In the previous two blog posts, we discussed about forward and reverse proxies. In this post, we will look at a real example and see how we differentiate between the two. The word proxy describes someone acting on behalf of anyone else. In the world of computers, we are talking about one machine acting on the behalf of another machine. Students do this in real life because they don’t want to attend all the classes, but they want the attendance. Well, machines don’t want to attend all the classes either! So let’s go ahead and see what those differences are and how we can understand them. Continue reading “Forward Proxy vs Reverse Proxy”
What Is A Reverse Proxy?
In the previous blog post, we discussed about proxy servers. Proxy servers basically act like buffers that monitor everything that comes into the user’s machine. We talked about why we need them and how they are used in real life scenarios. We used the analogy of what a person aims to achieve when he proxies for another person. He basically acts on behalf of that other person. Now how would we extend that analogy to explain reverse proxy? Just like how students proxy for fellow students, reverse proxy can mean professors proxying for each other. Does that sound right? What exactly is a reverse proxy and why do we need it? Continue reading “What Is A Reverse Proxy?”
What Is A Proxy Server?
If you are a techie, regardless of the field you are in, you must have heard the term “proxy server”. If you are a web developer, you would hear that term a lot! Off the top of your head, what do you think a proxy server is? It’s basically very similar to what a person aims to achieve when he proxies for another person. That is, to act on behalf of that other person. Remember the good old college days when this used to happen a lot? It was frowned upon by the professors back then. But now, it makes up for a good analogy to discuss an important concept. Now why would we need a proxy server? Why can’t we just talk directly to the actual server and leave this whole proxy thing aside? Continue reading “What Is A Proxy Server?”
Perpetual Enigma 