Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

What is the difference between http and HTTPS ?

⁨31⁩ ⁨likes⁩

Submitted ⁨⁨16⁩ ⁨hours⁩ ago⁩ by ⁨TheViking@nord.pub⁩ to ⁨[deleted]⁩

source

Comments

Sort:hotnewtop
  • Dirk@lemmy.ml ⁨16⁩ ⁨hours⁩ ago

    HTTP is a postcard, HTTPS is a sealed letter.

    source
    • Shimitar@downonthestreet.eu ⁨16⁩ ⁨hours⁩ ago

      Mich more than that. Https also certifies that the website is who it pretends to be.

      source
      • sik0fewl@piefed.ca ⁨12⁩ ⁨hours⁩ ago

        That’s what seals are for.

        source
  • TheFogan@programming.dev ⁨8⁩ ⁨hours⁩ ago

    Lazy quick explanation targetted at… well someone who would ask this question.

    Basically http is unencrypted, meaning it’s transmitted in plain text. Imagine it like mailing a letter, in a clear plastic envelope. Meaning that should they care to, every single postal worker that the letter passes hands to between the destination and source, could read anything they want, and you’d be none the wiser. Hell they even have enough information that if one was actually malicious they could open your letter, change what you wrote, and no one could tell the difference.

    HTTPS, basically does 2 very important things. 1. it basically turns it into a language that only the intended person can read, meaning no one between the source and destination has any potential to read what is being transmitted. 2. it allows both sides to prove who sent everything.

    source
    • LastYearsIrritant@sopuli.xyz ⁨7⁩ ⁨hours⁩ ago

      You mentioned it, but I want to re-iterate this. The most important part of HTTPS isn’t that it’s hidden from anyone else, it’s that you can prove that data was actually sent by the website you expected, and it wasn’t altered in transit.

      With HTTP, someone in-between can change the data, or hijack the whole session and you’ll never know. With HTTPS, anyone in-between must pass along the data (mostly) unaltered (except in very specific situations).

      source
  • Shimitar@downonthestreet.eu ⁨16⁩ ⁨hours⁩ ago

    Https add an encryption layer on top of http. Except that, they are the same. Also, https provide a way to make sure the website is who he claims to be and not a random hacker website pretending to be it.

    Whatever you do on https it’s encrypted end to end and cannot be read by somebody in the middle.

    For example, if you login to a webpage with http your password will be sent in clear text and possibly read by somebody in the middle (your internet provider, your company, any other network in between …) while on https that same password is encrypted before it leaves your browser and it’s safe until it reaches the server, where is decrypted

    It works with a chain of certificates approved by some authorities that your browser trust, so that beside encryption you can also trust that the website you are connecting to is actually who it claims to be (of course, that require you trusting the web site certificate and chain of trust).

    source
  • SarahFromOz@lemmy.world ⁨15⁩ ⁨hours⁩ ago

    The S is for sex so I think HTTPS is for porn.

    source
    • Klear@piefed.world ⁨13⁩ ⁨hours⁩ ago

      What do you think the P in HTTP stands for?

      source
      • SarahFromOz@lemmy.world ⁨13⁩ ⁨hours⁩ ago

        Penis or pussy probably.

        source
  • dracc@discuss.tchncs.de ⁨16⁩ ⁨hours⁩ ago

    The ‘S’ stands for “Secure”. HTTPS is encrypted with TLS or, nowadays, SSL which means a third party can’t intercept and read your transferred data.

    source
    • nasteva@jlai.lu ⁨16⁩ ⁨hours⁩ ago

      Didn’t TLS supersede SSL?

      source
      • Tetsuo@jlai.lu ⁨15⁩ ⁨hours⁩ ago

        Correct, SSL was deprecated in 2015 in favor of TLS.

        source
      • dracc@discuss.tchncs.de ⁨15⁩ ⁨hours⁩ ago

        Shoot, you’re correct. My bad!

        source
  • EtnaAtsume@lemmy.world ⁨11⁩ ⁨hours⁩ ago

    S

    source
  • forestbeasts@pawb.social ⁨13⁩ ⁨hours⁩ ago

    HTTPS is literally just HTTP, but shoved inside TLS, which is a generic encryption thing you can use on TCP* connections. It’s like shoving your message inside a magic envelope that can’t be broken into before you send it, the receiver can open the envelope though and read it. The stuff inside is still regular HTTP.

    (*connections to a server that let you send/receive a stream of data, instead of just firing off packets and hoping they make it there like how UDP works.)

    But as for HTTPS itself: First off there’s the encryption, which prevents anyone listening in from reading the stuff. But you also need to know that you’re talking to the right server, and some attacker isn’t just pretending to be the server you want and forwarding your messages to the real server, then relaying its answers back.

    That’s where certificates come in. Those are, unfortunately, centralized at least as web browsers use them; there’s a Big List of allowed “certificate authorities” in each browser and/or OS, which are organizations you can get a certificate for your website from. Certificates are signed (more cryptography math magic) by the CA so that your browser can know the cert came from a known CA. If it doesn’t, it goes basically “huh? I don’t know who signed this! maybe an attacker did. I don’t trust it.”

    There are other ways to handle that sort of trust. Mumble (a voice chat platform) also uses TLS certificates, but instead of just having a Big List, it just assumes that the first time you connect you’re not being actively attacked, and then if the certificate ever changes it can freak out and let you know. Much like SSH works (but SSH has its own completely different encryption scheme). Mumble also knows about the big list of CAs though and will accept ones signed by a known CA without questioning it.

    – Frost

    source
    • RememberTheApollo_@lemmy.world ⁨10⁩ ⁨hours⁩ ago

      I’d tell you a UDP joke but I’m not sure you’d get it.

      source
      • ICastFist@programming.dev ⁨7⁩ ⁨hours⁩ ago

        Keep spamming it until it goes thru!

        source
  • Cypher45@lemmy.dbzer0.com ⁨9⁩ ⁨hours⁩ ago

    There is a S on it, duh.

    source
  • sbeak@sopuli.xyz ⁨14⁩ ⁨hours⁩ ago

    Just to add to the definitions that others have already mentioned, simply because a website is using an HTTPS connection does not mean that it’s necessarily a trustworthy website. The website you are accessing could be compromised, so don’t take the green lock / whatever your browser uses as the HTTPS indicator as a guarantee for security!

    Another fun fact, although HTTP(S) is used for serving HTML webpages, there are other protocols for different use cases. For example, FTP is used for file sharing, and SMTP is for email. You might have also heard of the Tor network, which is used when anonymity is important (see journalists, activists, etc.)

    source
  • kibblebits@quokk.au ⁨15⁩ ⁨hours⁩ ago

    One is plural and has many http in one location. I saw some http at the zoo.

    source
  • BitUnWise@programming.dev ⁨15⁩ ⁨hours⁩ ago

    One letter

    source
    • haroldfinch@feddit.nl ⁨15⁩ ⁨hours⁩ ago

      Case sensitive? 5 letters.

      source
  • aMockTie@piefed.world ⁨13⁩ ⁨hours⁩ ago

    HTTP is like a conversation with someone wearing a “Hello my name is X” sticker at a public party, HTTPS is like a conversation with someone proving their identity with a government issued passport in a private room. Anyone can write anything they want on the former, and anyone happening to listen to the conversation can overhear everything. On the other hand, the latter requires basic identity verification and can’t be easily overheard.

    With that being said, anyone can also obtain a passport. That means you can be sure that you are interacting with a John Doe, but that doesn’t necessarily mean that you are interacting with the John Doe you were expecting.

    I hope that helps.

    source
  • OriginEnergySux@lemmy.world ⁨14⁩ ⁨hours⁩ ago

    No one knows, thats the allure of the mystery

    source