Session 2 — Encryption & TLS

Deepa opens her laptop at a college café. She types her email address and password into a login form and presses Enter. Her credentials travel from her laptop — through the café’s Wi-Fi router, through the ISP’s network, through several backbone routers — to a server, possibly in another city.

Every router along that path handles her data. None of them are run by her. None of them are her bank. What stops someone on that path from simply reading what she typed?

The answer is encryption. This session explains how encryption works, why it is necessary, and how your browser uses it automatically on every HTTPS connection.

What You Will Learn

  • Why plain HTTP is a problem — what anyone on the path can see
  • What encryption is and how it keeps data private
  • The difference between symmetric and asymmetric encryption
  • What session cookies are and why encrypting them matters
  • What HTTPS is and how it protects your browser sessions
  • How the TLS handshake works (in plain English, no maths)

The Big Idea

Encryption is the lock on the internet’s sealed letters. Without it, every piece of data you send travels like a postcard — anyone who handles it can read it. With encryption, data travels like a letter in a sealed envelope: the contents are private, tamper-evident, and only readable by the intended recipient.

The internet is a shared public infrastructure. Your data passes through equipment you do not own, operated by people you do not know. Encryption is the engineering solution to that reality.

Character Focus This Session

Deepa asks the question everyone has: “If encryption is so important, why doesn’t every website use it?”

Rohan wants to understand the actual maths of public-key cryptography (the Rohan Goes Deeper boxes are especially relevant this session).

Sunita didi has seen what happens in corporate networks when someone accesses sensitive data over an unencrypted connection — she uses this session’s concepts every day.

Warm-Up Check

Before reading on:

  1. Have you ever seen the padlock icon in your browser’s address bar? What do you think it means?
  2. If you send a WhatsApp message, can WhatsApp read it? Why or why not?
  3. What is the difference between a password and encryption?

Keep these in mind as you read — the answers will become clear.