@ -1,2 +1,3 @@ |
||||
##= require jquery |
||||
##= require bootstrap/dropdown |
||||
##= require_tree . |
||||
|
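Review bot: `require_tree .` at the end of the manifest pulls in every script under that directory in filesystem order, so any file later dropped into the tree ships on every page without this manifest being reviewed again; listing the files explicitly, as is already done for `jquery` and `bootstrap/dropdown`, keeps the included set auditable. The ordering itself is right, since `bootstrap/dropdown` depends on jQuery being loaded first.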
@ -0,0 +1,32 @@ |
||||
#about, #help { |
||||
margin-bottom: 20px; |
||||
p { |
||||
font-size: 1.25em; |
||||
} |
||||
} |
||||
|
||||
#donorbox { |
||||
background: #2d81c5 url(<%= image_path 'donorbox.png' %>) no-repeat 18px center; |
||||
color: #fff; |
||||
text-decoration: none; |
||||
font-family: Verdana, sans-serif; |
||||
display: inline-block; |
||||
font-size: 16px; |
||||
padding: 13px 17px 13px 56px; |
||||
-webkit-border-radius: 2px; |
||||
-moz-border-radius: 2px; |
||||
border-radius: 2px; |
||||
box-shadow: 0 1px 0 0 #1f5a89; |
||||
text-shadow: 0 1px rgba(0, 0, 0, 0.3); |
||||
} |
||||
|
||||
#liberapay, #donorbox, #paypal { |
||||
img { |
||||
height: 50px; |
||||
max-width: 140px; |
||||
} |
||||
} |
||||
|
||||
table.scoring img { |
||||
width: 30px; |
||||
} |
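Review bot: `background: #2d81c5 url(<%= image_path 'donorbox.png' %>)` in the `#donorbox` rule embeds ERB inside the stylesheet, which forces an `.erb` extension on the SCSS file and mixes templating into the CSS; with sass-rails the same asset-pipeline lookup (including fingerprinting) is `image-url('donorbox.png')`, with no ERB needed. Minor: `-webkit-border-radius` and `-moz-border-radius` next to the unprefixed `border-radius` are redundant for any browser still in support and can be dropped.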
@ -0,0 +1,257 @@ |
||||
<div id="help" class="container"> |
||||
<div class="row"> |
||||
<div class="col-sm-12"> |
||||
<h1>Scoring</h1> |
||||
|
||||
<p> |
||||
Currently, CryptCheck gives note from <%= rank_label :G %> for the |
||||
worst sites to <%= rank_label :'A+' %> for the best ones. |
||||
</p> |
||||
|
||||
<p> |
||||
Scoring is based on the fact that TLS handshake is <b>not</b> |
||||
authenticated, and so an attacker can force to use whatever |
||||
cipher he wants as soon as both client and server support it, |
||||
with a downgrade attack as simple as modify TCP packets on the |
||||
fly. |
||||
</p> |
||||
|
||||
<p> |
||||
Such downgrade attack doesn't require heavy resources and can be |
||||
made with standard computer or phone.<br/> |
||||
The only difficult part is to be in position to modify the |
||||
traffic between the client and the server. |
||||
This is the case if the attacker is connected on the same network |
||||
as the client (hotspot, 3G…) with simple |
||||
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>, |
||||
doable with tools like |
||||
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/> |
||||
</p> |
||||
|
||||
<p> |
||||
As client support can't be guessed, CryptCheck considers the |
||||
<b>weakest</b> suite supported server side. |
||||
This way, a connection to the scored service can't lead to a |
||||
negociated handshake with a worse score than the one given to |
||||
the service, whatever your client supports and whatever an |
||||
attacker is present or not. |
||||
</p> |
||||
|
||||
<table class="scoring table table-bordered table-condensed center table-striped"> |
||||
<thead> |
||||
<tr> |
||||
<th rowspan="2">Score</th> |
||||
<td rowspan="2"></td> |
||||
<td colspan="3">Protection</td> |
||||
<td colspan="3">Weakness</td> |
||||
</tr> |
||||
<tr> |
||||
<td>Best</td> |
||||
<td>Great</td> |
||||
<td>Good</td> |
||||
|
||||
<td>Future</td> |
||||
<td>Weak</td> |
||||
<td>Deprecated</td> |
||||
</tr> |
||||
</thead> |
||||
<tbody> |
||||
<tr> |
||||
<th><%= rank_label :'A+' %></th> |
||||
<td class="left"> |
||||
Seriously take security into account and invest a lot on it.<br/> |
||||
Whatever the cost, encryption safety is implemented. |
||||
You can be proud! |
||||
</td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :A %></th> |
||||
<td class="left"> |
||||
Seriously take security into account and invest a lot on it. |
||||
</td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :'B+' %></th> |
||||
<td class="left"> |
||||
Seriously take security into account and invest on it. |
||||
</td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :B %></th> |
||||
<td class="left"> |
||||
Take security into account and invest on it. |
||||
</td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :'C+' %></th> |
||||
<td class="left"> |
||||
Take security into account and invest a little on it. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :C %></th> |
||||
<td class="left"> |
||||
Take security into account but don't spend too much for it. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :D %></th> |
||||
<td class="left"> |
||||
Take security into account. Minimaly.<br/> |
||||
This is the worst score a decent service must have today. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :E %></th> |
||||
<td class="left"> |
||||
Take security into account. A little. Or not. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'cross-red.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :F %></th> |
||||
<td class="left"> |
||||
Just don't take security into account. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'cross-red.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :G %></th> |
||||
<td class="left"> |
||||
Just don't take security into account at all.<br/> |
||||
What the fuck you do, dude? |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'cross-red.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :V %></th> |
||||
<td class="left"> |
||||
Invalid certificate (wrong domain, expired…) |
||||
</td> |
||||
<td colspan="6"></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :T %></th> |
||||
<td class="left"> |
||||
Unstrusted certificate. Not issued by a trusted |
||||
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>. |
||||
</td> |
||||
<td colspan="6"></td> |
||||
</tr> |
||||
</tbody> |
||||
</table> |
||||
<table class="scoring table table-bordered table-condensed"> |
||||
<tr> |
||||
<td> |
||||
For protection:<br/> |
||||
<%= image_tag 'check-full.svg' %> Fully implemented |
||||
<%= image_tag 'check-empty.svg' %> Partially implemented<br/> |
||||
|
||||
Good: simple to implement, small protection<br/> |
||||
Great: quiet hard to implement, middle protection<br/> |
||||
Best: hard to implement, strong protection |
||||
</td> |
||||
<td> |
||||
For weakness:<br/> |
||||
<%= image_tag 'check-empty.svg' %> Not vulnerable |
||||
<%= image_tag 'cross-red.svg' %> Vulnerable<br/> |
||||
|
||||
Future: known weakness, but no practical attack known<br/> |
||||
Weak: known weakness, pratical attack exist<br/> |
||||
Deprecated: known weakness, merely equivalent or equal to plain text |
||||
</td> |
||||
</tr> |
||||
</table> |
||||
|
||||
|
||||
<p> |
||||
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses |
||||
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/> |
||||
When you send an email, the server used to forward the mail |
||||
(the <a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>) |
||||
to the recipient has no way to guess in advance if recipient MTA |
||||
supports or not encryption and which cipher suite will be |
||||
available. |
||||
To avoid your email returning to you in case of failure, the |
||||
standard for email encryption |
||||
(<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>) |
||||
requires to retry <b>in plain text</b> in case of encryption |
||||
handshake failure.<br/> |
||||
So, for SMTP, there is a compromise to make between strong |
||||
configuration, leading to plain text fallback for old or badly |
||||
configured MTA, and compatibility with such MTA to use weak |
||||
encryption better than plain text but allowing downgrade attack |
||||
on stronger MTA.<br/> |
||||
Given email is a real nightmare for security, with multiple way |
||||
to force a connection to fallback to plain text |
||||
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>, |
||||
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…), |
||||
CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about |
||||
compatibility trouble. This way, weak people are still weak, but |
||||
strong people can (not too much) hope strong encryption under |
||||
normal condition.<br/> |
||||
Be advice than strong score here for SMTP means compatibility |
||||
troubles. |
||||
Or fucked service which doesn't take care of your security. |
||||
I don't know, you turn to judge. |
||||
</p> |
||||
</div> |
||||
</div> |
||||
</div> |
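Review bot: The second Scoring paragraph says the TLS handshake is not authenticated and that an attacker can therefore force any cipher suite both sides support by rewriting TCP packets on the fly. That overstates it: the Finished messages carry a MAC over the whole handshake transcript, so a rewritten ClientHello is detected at the end of the handshake unless the suite the attacker forced is weak enough to be broken before the handshake completes (the FREAK/Logjam style of downgrade). That caveat is exactly why scoring on the weakest server-supported suite is the right rule, so suggest rewording to "an attacker can downgrade to the weakest suite both sides support, and if that suite is breakable the downgrade goes unnoticed", which keeps the same conclusion. Typos to fix before merge: "negociated" → "negotiated", "Minimaly" → "Minimally", "Unstrusted" → "Untrusted", "quiet hard" → "quite hard", "pratical attack exist" → "practical attacks exist", "Be advice than" → "Be advised that". The `<thead>` also mixes `<th>` and `<td>` for header cells; making them all `<th>` keeps the header consistent and accessible.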