How secure is http?

Drew Yeh June 22, 2010

How secure is it? Is there a way to tell if the security has been breached? If there’s no set way, are there signs (like slower connection because of an intermediary party)? Not to sound vain and overly concerned with my own life, but is http secure enough for Evernote or your todo list?

  1. D-Technodude
    November 11, 2011 at 3:23 am

    I know this is a year old, but what about if the password is encrypted with say MD5? Even if the hacker saw it, would they know what it meant?

    • Tina
      November 17, 2011 at 7:55 pm


      as you said yourself, this article is over a year old. If you are still looking for an answer, I recommend asking a new question.

  2. Oron Joffe
    June 23, 2010 at 7:03 pm

    There are many aspects to security, too many to cover here, but think of it this way: using HTTP is like sending postcards, or shouting to someone across the street. Anyone who has physical access to the conversation (postman, sorter, passerby on the street) can hear what you are up to.

    Using HTTPS is like doing the same thing, only is Sumerian (or Mayan or old Egyptian, if you prefer). They would need to figure out what language you were speaking, then learn the language and decipher your conversation. HOWEVER, you're still doing it in the public domain and it is still conceivable that someone might be able to crack the code, if it's worth their while.
    In short, don't say anything on HTTP you don't want someone else to hear (for example, disclosing passwords), but bear in mind that there are risks even when using a 'secure' protocol.

  3. Test
    June 23, 2010 at 4:19 pm

    thx for the answers. So I'm guessing I shouldn't have anything that I don't want others to see using http. A few questions of confirmation: does an attacker have to target you personally or could it be an attack that happens because they happened to sniff your packets by chance? Do they have to gain access to your computer to analyze the packets? Do they have to gain access to the server you're sending the packets to?


  4. Jack Cola
    June 23, 2010 at 10:21 am

    There is a program called Wireshark which analyses packets in and out of your computer. If you log in to a site that does not use HTTPS, you will be able to see your username and password in plain text. So if you see information from another party, you can raise your flaggs.

    But basically, no one is safe on the internet. Somewhere along the lines your information may be captured. For example, in Austrlalia, they are talking about recording every URL you visit or even ban you from the internet if you don't have antivirus software on your computer.

    • pceasies
      June 23, 2010 at 2:43 pm

      That sounds a bit harsh. I don't have antivirus installed right now and haven't noticed anything odd.

  5. pceasies
    June 23, 2010 at 2:57 am

    HTTP is not secure, it's plain text. HTTPS adds encryption and it depends on the strength of the encryption to determine how secure the information being sent it.

Ads by Google