When you started reading this comic, your browser displayed a lock on the address bar.
How did that happen?
But first, they needed to agree on how to communicate securely.
This process, the negotiation between a browser and a server, is called 'the handshake'.
It happens very fast. We are going to show you how it works.
Take it away, guys!
Ready? Here is what the 'handshake' in slow-motion looks like.
Done!
Let's do it again, but faster.
A-G-A-I-N!
Stop!
Let's break it down. Step by step.
I send a list of SSL/TLS versions and encryption algorithms that I can work with to Compugter.
A fancy word for the encryption algorithm list is 'cipher suite'.
So you can sound like a pro at the dinner table.
The SSL and TLS protocols have evolved over time. We'll talk more about that soonish.
And then I wait for an answer from Compugter.
I choose the best SSL/TLS version and encryption algorithm among the ones Browserbird sent me, based on my preferences.
I reply with my certificate, which includes my public key, so they can verify who I am.
I check Compugter's certificate to make sure they are legit.
I generate a 'pre-master key' so we can both use it later when we generate a unique key.
I encrypt that pre-master key with Compugter's public key and then send it to him.
I use my private key to decrypt the pre-master key.
So far all the communication between them has been in the open. They haven't secured any messages.
They used asymmetric keys (public and private keys) to encrypt the pre-master key so nobody could spy on it.
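The steps above, replayed in Python as an added example (not part of the original comic). The cipher suite labels, the random values, the toy RSA key built from two small known primes and the HMAC-based key derivation are assumptions for illustration; the certificate check is left out and none of this is secure for real use.

```python
import hashlib
import hmac
import secrets

# Constructed server preferences, best first (labels are illustrative, not IANA names).
SERVER_VERSIONS = ["TLS 1.2", "TLS 1.1"]
SERVER_SUITES = ["RSA_WITH_AES_256", "RSA_WITH_AES_128"]

def server_choose(offered, preferred):
    """Return the server's most-preferred option that the client also offered."""
    for option in preferred:
        if option in offered:
            return option
    raise ValueError("handshake failure: nothing in common")

def toy_rsa_keypair():
    """Textbook RSA from two small known primes: illustration only, not secure."""
    p, q, e = 2**31 - 1, 2**61 - 1, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return (p * q, e), (p * q, d)

def derive_key(pre_master, client_random, server_random):
    """Simplified stand-in for the TLS key derivation (assumption)."""
    secret = pre_master.to_bytes(8, "big")
    return hmac.new(secret, client_random + server_random, hashlib.sha256).digest()

def handshake(client_versions, client_suites):
    # Browser: offer versions and cipher suites, plus a random value.
    client_random = secrets.token_bytes(16)
    # Server: choose by its own preference, reply with its public key.
    version = server_choose(client_versions, SERVER_VERSIONS)
    suite = server_choose(client_suites, SERVER_SUITES)
    server_random = secrets.token_bytes(16)
    (n, e), (_, d) = toy_rsa_keypair()
    # Browser: (certificate check omitted) create and encrypt the pre-master key.
    pre_master = secrets.randbits(64)
    encrypted = pow(pre_master, e, n)
    # Server: decrypt the pre-master key with the private key.
    recovered = pow(encrypted, d, n)
    # Both sides now derive the same session key independently.
    client_key = derive_key(pre_master, client_random, server_random)
    server_key = derive_key(recovered, client_random, server_random)
    return version, suite, client_key, server_key

if __name__ == "__main__":
    offer = (["TLS 1.0", "TLS 1.1", "TLS 1.2"], ["RSA_WITH_AES_128", "RSA_WITH_AES_256"])
    print(handshake(*offer)[:2])
```

If the browser offers nothing the server supports, `server_choose` raises and the handshake stops before any key material is exchanged.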
Passwords, credit card details, everything.
Simple, right?
Next time you connect to a website securely via HTTPS, give your browser the shaka because you know their secret handshake.