parent
4356d4d761
commit
72c420effa
@ -0,0 +1,258 @@ |
||||
<h1>Scoring</h1> |
||||
|
||||
<p> |
||||
Currently, CryptCheck gives note from <%= rank_label :G %> for the |
||||
worst sites to <%= rank_label :'A+' %> for the best ones. |
||||
</p> |
||||
|
||||
<p> |
||||
Scoring is based on the fact that TLS handshake is <b>not</b> authenticated, |
||||
and so an attacker can force to use whatever cipher he wants as soon as both |
||||
client and server support it, with a downgrade attack as simple as modify |
||||
TCP packets on the fly. |
||||
</p> |
||||
|
||||
<p> |
||||
Such downgrade attack doesn't require heavy resources and can be made with |
||||
standard computer or phone.<br/> |
||||
The only difficult part is to be in position to modify the traffic between |
||||
the client and the server. |
||||
This is the case if the attacker is connected on the same network as the |
||||
client (hotspot, 3G…) with simple |
||||
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>, |
||||
doable with tools like |
||||
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/> |
||||
</p> |
||||
|
||||
<p> |
||||
As client support can't be guessed, CryptCheck considers the <b>weakest</b> |
||||
suite supported server side. |
||||
This way, a connection to the scored service can't lead to a negociated |
||||
handshake with a worse score than the one given to the service, whatever |
||||
your client supports and whatever an attacker is present or not. |
||||
</p> |
||||
|
||||
<table class="scoring table table-bordered table-condensed center table-striped"> |
||||
<thead> |
||||
<tr> |
||||
<th rowspan="2">Score</th> |
||||
<td rowspan="2"></td> |
||||
<td colspan="3">Protection</td> |
||||
<td colspan="3">Weakness</td> |
||||
</tr> |
||||
<tr> |
||||
<td>Best</td> |
||||
<td>Great</td> |
||||
<td>Good</td> |
||||
|
||||
<td>Future</td> |
||||
<td>Weak</td> |
||||
<td>Deprecated</td> |
||||
</tr> |
||||
</thead> |
||||
<tbody> |
||||
<tr> |
||||
<th><%= rank_label :'A+' %></th> |
||||
<td class="left"> |
||||
Seriously take security into account and invest a lot on it.<br/> |
||||
Whatever the cost, encryption safety is implemented. |
||||
You can be proud! |
||||
</td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :A %></th> |
||||
<td class="left"> |
||||
Seriously take security into account and invest a lot on it. |
||||
</td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :'B+' %></th> |
||||
<td class="left"> |
||||
Seriously take security into account and invest on it. |
||||
</td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :B %></th> |
||||
<td class="left"> |
||||
Take security into account and invest on it. |
||||
</td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :'C+' %></th> |
||||
<td class="left"> |
||||
Take security into account and invest a little on it. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :C %></th> |
||||
<td class="left"> |
||||
Take security into account but don't spend too much for it. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :D %></th> |
||||
<td class="left"> |
||||
Take security into account. Minimaly.<br/> |
||||
This is the worst score a decent service must have today. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :E %></th> |
||||
<td class="left"> |
||||
Take security into account. A little. Or not. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'cross-red.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :F %></th> |
||||
<td class="left"> |
||||
Just don't take security into account. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'cross-red.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :G %></th> |
||||
<td class="left"> |
||||
Just don't take security into account at all.<br/> |
||||
What the fuck you do, dude? |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'cross-red.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :'0' %></th> |
||||
<td class="left"> |
||||
No security at all. Just plain text.<br/> |
||||
Seriously, in <%= Date.today.year %>? |
||||
</td> |
||||
<td colspan="6"></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :V %></th> |
||||
<td class="left"> |
||||
Invalid certificate (wrong domain, expired…) |
||||
</td> |
||||
<td colspan="6"></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :T %></th> |
||||
<td class="left"> |
||||
Unstrusted certificate. Not issued by a trusted |
||||
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>. |
||||
</td> |
||||
<td colspan="6"></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :X %></th> |
||||
<td class="left"> |
||||
Error occurs during the analysis. Try again later? |
||||
</td> |
||||
<td colspan="6"></td> |
||||
</tr> |
||||
</tbody> |
||||
</table> |
||||
<table class="scoring table table-bordered table-condensed"> |
||||
<tr> |
||||
<td> |
||||
For protection:<br/> |
||||
<%= image_tag 'check-full.svg' %> Fully implemented |
||||
<%= image_tag 'check-empty.svg' %> Partially implemented<br/> |
||||
|
||||
Good: simple to implement, small protection<br/> |
||||
Great: quiet hard to implement, middle protection<br/> |
||||
Best: hard to implement, strong protection |
||||
</td> |
||||
<td> |
||||
For weakness:<br/> |
||||
<%= image_tag 'check-empty.svg' %> Not vulnerable |
||||
<%= image_tag 'cross-red.svg' %> Vulnerable<br/> |
||||
|
||||
Future: known weakness, but no practical attack known<br/> |
||||
Weak: known weakness, pratical attack exist<br/> |
||||
Deprecated: known weakness, merely equivalent or equal to plain text |
||||
</td> |
||||
</tr> |
||||
</table> |
||||
|
||||
<p> |
||||
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses |
||||
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/> |
||||
When you send an email, the server used to forward the mail (the |
||||
<a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>) to |
||||
the recipient has no way to guess in advance if recipient MTA supports or |
||||
not encryption and which cipher suite will be available. |
||||
To avoid your email returning to you in case of failure, the standard for |
||||
email encryption (<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>) |
||||
requires to retry <b>in plain text</b> in case of encryption handshake |
||||
failure.<br/> |
||||
So, for SMTP, there is a compromise to make between strong configuration, |
||||
leading to plain text fallback for old or badly configured MTA, and |
||||
compatibility with such MTA to use weak encryption better than plain text |
||||
but allowing downgrade attack on stronger MTA.<br/> |
||||
Given email is a real nightmare for security, with multiple way to force a |
||||
connection to fallback to plain text |
||||
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>, |
||||
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…), |
||||
CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about compatibility |
||||
trouble. This way, weak people are still weak, but strong people can (not |
||||
too much) hope strong encryption under normal condition.<br/> |
||||
Be advice than strong score here for SMTP means compatibility troubles. |
||||
Or fucked service which doesn't take care of your security. |
||||
I don't know, you turn to judge. |
||||
</p> |
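Review bot: the intro paragraph at the top of this new partial still says grades run from G to A+, yet the table that follows also carries the non-grade statuses `0`, `V`, `T` and `X` (and `0` and `X` do not exist in the copy being deleted from the help page below), so a short sentence saying these are statuses rather than grades would save readers a question. Several spelling slips in user-facing text should be fixed before merge: `negociated` → `negotiated`, `Minimaly` → `Minimally`, `Unstrusted` → `Untrusted`, `quiet hard` → `quite hard`, `pratical attack exist` → `practical attacks exist`, `Be advice than` → `Be advised that`. The profanity in the G row and at the end of the SMTP note is a style call, but a help page meant to explain a score to service operators reads better without it. The ARP-spoofing paragraph also links a third-party forum thread for a specific tool; the threat model (an attacker on the same network rewriting traffic) is clear from the sentence itself, and the forum link is a dead-link risk that adds nothing to understanding the score.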
@ -1,257 +1,7 @@ |
||||
<div id="help" class="container"> |
||||
<div class="row"> |
||||
<div class="col-sm-12"> |
||||
<h1>Scoring</h1> |
||||
|
||||
<p> |
||||
Currently, CryptCheck gives note from <%= rank_label :G %> for the |
||||
worst sites to <%= rank_label :'A+' %> for the best ones. |
||||
</p> |
||||
|
||||
<p> |
||||
Scoring is based on the fact that TLS handshake is <b>not</b> |
||||
authenticated, and so an attacker can force to use whatever |
||||
cipher he wants as soon as both client and server support it, |
||||
with a downgrade attack as simple as modify TCP packets on the |
||||
fly. |
||||
</p> |
||||
|
||||
<p> |
||||
Such downgrade attack doesn't require heavy resources and can be |
||||
made with standard computer or phone.<br/> |
||||
The only difficult part is to be in position to modify the |
||||
traffic between the client and the server. |
||||
This is the case if the attacker is connected on the same network |
||||
as the client (hotspot, 3G…) with simple |
||||
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>, |
||||
doable with tools like |
||||
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/> |
||||
</p> |
||||
|
||||
<p> |
||||
As client support can't be guessed, CryptCheck considers the |
||||
<b>weakest</b> suite supported server side. |
||||
This way, a connection to the scored service can't lead to a |
||||
negociated handshake with a worse score than the one given to |
||||
the service, whatever your client supports and whatever an |
||||
attacker is present or not. |
||||
</p> |
||||
|
||||
<table class="scoring table table-bordered table-condensed center table-striped"> |
||||
<thead> |
||||
<tr> |
||||
<th rowspan="2">Score</th> |
||||
<td rowspan="2"></td> |
||||
<td colspan="3">Protection</td> |
||||
<td colspan="3">Weakness</td> |
||||
</tr> |
||||
<tr> |
||||
<td>Best</td> |
||||
<td>Great</td> |
||||
<td>Good</td> |
||||
|
||||
<td>Future</td> |
||||
<td>Weak</td> |
||||
<td>Deprecated</td> |
||||
</tr> |
||||
</thead> |
||||
<tbody> |
||||
<tr> |
||||
<th><%= rank_label :'A+' %></th> |
||||
<td class="left"> |
||||
Seriously take security into account and invest a lot on it.<br/> |
||||
Whatever the cost, encryption safety is implemented. |
||||
You can be proud! |
||||
</td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :A %></th> |
||||
<td class="left"> |
||||
Seriously take security into account and invest a lot on it. |
||||
</td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :'B+' %></th> |
||||
<td class="left"> |
||||
Seriously take security into account and invest on it. |
||||
</td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :B %></th> |
||||
<td class="left"> |
||||
Take security into account and invest on it. |
||||
</td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :'C+' %></th> |
||||
<td class="left"> |
||||
Take security into account and invest a little on it. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-full.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :C %></th> |
||||
<td class="left"> |
||||
Take security into account but don't spend too much for it. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :D %></th> |
||||
<td class="left"> |
||||
Take security into account. Minimaly.<br/> |
||||
This is the worst score a decent service must have today. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :E %></th> |
||||
<td class="left"> |
||||
Take security into account. A little. Or not. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'cross-red.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :F %></th> |
||||
<td class="left"> |
||||
Just don't take security into account. |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'cross-red.svg' %></td> |
||||
<td><%= image_tag 'check-empty.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :G %></th> |
||||
<td class="left"> |
||||
Just don't take security into account at all.<br/> |
||||
What the fuck you do, dude? |
||||
</td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td></td> |
||||
<td><%= image_tag 'cross-red.svg' %></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :V %></th> |
||||
<td class="left"> |
||||
Invalid certificate (wrong domain, expired…) |
||||
</td> |
||||
<td colspan="6"></td> |
||||
</tr> |
||||
<tr> |
||||
<th><%= rank_label :T %></th> |
||||
<td class="left"> |
||||
Unstrusted certificate. Not issued by a trusted |
||||
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>. |
||||
</td> |
||||
<td colspan="6"></td> |
||||
</tr> |
||||
</tbody> |
||||
</table> |
||||
<table class="scoring table table-bordered table-condensed"> |
||||
<tr> |
||||
<td> |
||||
For protection:<br/> |
||||
<%= image_tag 'check-full.svg' %> Fully implemented |
||||
<%= image_tag 'check-empty.svg' %> Partially implemented<br/> |
||||
|
||||
Good: simple to implement, small protection<br/> |
||||
Great: quiet hard to implement, middle protection<br/> |
||||
Best: hard to implement, strong protection |
||||
</td> |
||||
<td> |
||||
For weakness:<br/> |
||||
<%= image_tag 'check-empty.svg' %> Not vulnerable |
||||
<%= image_tag 'cross-red.svg' %> Vulnerable<br/> |
||||
|
||||
Future: known weakness, but no practical attack known<br/> |
||||
Weak: known weakness, pratical attack exist<br/> |
||||
Deprecated: known weakness, merely equivalent or equal to plain text |
||||
</td> |
||||
</tr> |
||||
</table> |
||||
|
||||
|
||||
<p> |
||||
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses |
||||
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/> |
||||
When you send an email, the server used to forward the mail |
||||
(the <a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>) |
||||
to the recipient has no way to guess in advance if recipient MTA |
||||
supports or not encryption and which cipher suite will be |
||||
available. |
||||
To avoid your email returning to you in case of failure, the |
||||
standard for email encryption |
||||
(<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>) |
||||
requires to retry <b>in plain text</b> in case of encryption |
||||
handshake failure.<br/> |
||||
So, for SMTP, there is a compromise to make between strong |
||||
configuration, leading to plain text fallback for old or badly |
||||
configured MTA, and compatibility with such MTA to use weak |
||||
encryption better than plain text but allowing downgrade attack |
||||
on stronger MTA.<br/> |
||||
Given email is a real nightmare for security, with multiple way |
||||
to force a connection to fallback to plain text |
||||
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>, |
||||
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…), |
||||
CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about |
||||
compatibility trouble. This way, weak people are still weak, but |
||||
strong people can (not too much) hope strong encryption under |
||||
normal condition.<br/> |
||||
Be advice than strong score here for SMTP means compatibility |
||||
troubles. |
||||
Or fucked service which doesn't take care of your security. |
||||
I don't know, you turn to judge. |
||||
</p> |
||||
<%= render partial: 'scoring' %> |
||||
</div> |
||||
</div> |
||||
</div> |
||||
|
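Review bot: the replacement by `<%= render partial: 'scoring' %>` is not a content-neutral move: the extracted partial gains the `:'0'` and `:X` rows that this page never had, so the help page's visible text changes in the same commit as the refactor; either split the addition into its own commit or call it out in the commit message. Please also confirm that the `rank_label` helper already accepts the `:'0'` and `:X` symbols, since nothing in this diff adds them, and that the new file's name actually resolves as the `'scoring'` partial (the first hunk's header shows no path on this page).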