Is SSL required to prevent eavesdropping?
To the best of my knowledge SSL is to prevent only eavesdropping, i.e. plucking the digital data passing across a network. So, to prevent password SSL encrypts the data at the login page and decrypts it at database. Finally it carries information securely. I think this can be implemented even using some encryption algorithms like MD5/SHA/other?
What's the difference between SSL and normal encryption?
Please correct me if any of the above statements are false.
SSL is a protocol for transmitting encrypted data. It is not an encryption algorithm, per se. Though HTTPS uses SSL to encrypt web communications, SSL wasn't built for HTTP and has little to do with login pages, though it is common for login pages to be accessed via HTTPS (and hence SSL). Many secure protocols are carried over SSL.
MD5 and the SHA family aren't encryption algorithms either. They are hashing algorithms.
SSL cannot prevent eavesdropping if the CA is not safe, as we have seen lately. The data is encrypted via SSL, that's right, but not like you mentioned with hashes (hashing is not encryption); it's using encryption algorithms. Asynchronous and synchronous algorithms. The asynchronous encryption is a certificate implementation.
To your question: "What's the difference"
SSL - is a commonly used and accepted way of using encryption, e.g. for HTTPS in order to secure HTTP connections (using various encryption techniques), and a solid documentation of handshaking.
SSL is also used to secure different TCP protocols (like mail (smtps, pop3s, imaps), ftp(s), etc.)
Encryption - is used inside SSL.
SSL is supported in common browsers and server implementations. If you want to use "normal encryption" you have to implement everything yourself.
"To the best of my knowledge SSL is to prevent only Eavesdropping"
Incorrect. SSL provides secrecy, integrity, and authentication, and provides a mechanism for you, the application, to perform authorization. It protects you from eavesdropping, tampering, active man-in-the-middle attacks, truncation attacks, ... It is a lot more than mere encryption.