HTTPS in public wireless network: is it ok

When I am using public WiFi to go to a secured site that uses HTTPS, is my data encrypted? Is it a lot more risky than when I am on a secured network ?

Solution 1:

Your data is encrypted by the SSL crypto, but anyone on the network (and that means pretty much anyone, on public unsecured wifi) can sniff the traffic. How secure it is depends on the crypto of the browser you're using and the server you're communicating with, as SSL will fall back to the lowest common cryptographic denominator.

Also keep in mind that some SSL cryptography has been compromised.

For many purposes, though, the SSL encryption will keep your data private enough. If you're hiding holiday present details from the recipient you're probably ok, but if you're transmitting illicit government secrets you might want to find a more secure network.

One thing of note, unless all your traffic with the website at the other end is encrypted, once you've established credentials with the site if the rest of your session on the site is unencrypted your cookie-based authentication with the site will be out in the open for all to see. It's not that unusual for sites only to encrypt the data they think is risky when you acquire it but then to use unsecured HTTP for the rest of the session, thereby exposing your cookies (and your identity and authentication on the site) out in the open.

Solution 2:

Yes, the HTTPS use SSL. A security Layer.

It encrypt the exchange between your computer and the server. But like every encryption. It's hackable. But it takes really long time.

Except if you are a secret agent, this security is enough.