2 changed files with 259 additions and 251 deletions
@ -0,0 +1,258 @@ |
|||
<h1>Scoring</h1> |
|||
|
|||
<p> |
|||
Currently, CryptCheck gives note from <%= rank_label :G %> for the |
|||
worst sites to <%= rank_label :'A+' %> for the best ones. |
|||
</p> |
|||
|
|||
<p> |
|||
Scoring is based on the fact that TLS handshake is <b>not</b> authenticated, |
|||
and so an attacker can force to use whatever cipher he wants as soon as both |
|||
client and server support it, with a downgrade attack as simple as modify |
|||
TCP packets on the fly. |
|||
</p> |
|||
|
|||
<p> |
|||
Such downgrade attack doesn't require heavy resources and can be made with |
|||
standard computer or phone.<br/> |
|||
The only difficult part is to be in position to modify the traffic between |
|||
the client and the server. |
|||
This is the case if the attacker is connected on the same network as the |
|||
client (hotspot, 3G…) with simple |
|||
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>, |
|||
doable with tools like |
|||
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/> |
|||
</p> |
|||
|
|||
<p> |
|||
As client support can't be guessed, CryptCheck considers the <b>weakest</b> |
|||
suite supported server side. |
|||
This way, a connection to the scored service can't lead to a negociated |
|||
handshake with a worse score than the one given to the service, whatever |
|||
your client supports and whatever an attacker is present or not. |
|||
</p> |
|||
|
|||
<table class="scoring table table-bordered table-condensed center table-striped"> |
|||
<thead> |
|||
<tr> |
|||
<th rowspan="2">Score</th> |
|||
<td rowspan="2"></td> |
|||
<td colspan="3">Protection</td> |
|||
<td colspan="3">Weakness</td> |
|||
</tr> |
|||
<tr> |
|||
<td>Best</td> |
|||
<td>Great</td> |
|||
<td>Good</td> |
|||
|
|||
<td>Future</td> |
|||
<td>Weak</td> |
|||
<td>Deprecated</td> |
|||
</tr> |
|||
</thead> |
|||
<tbody> |
|||
<tr> |
|||
<th><%= rank_label :'A+' %></th> |
|||
<td class="left"> |
|||
Seriously take security into account and invest a lot on it.<br/> |
|||
Whatever the cost, encryption safety is implemented. |
|||
You can be proud! |
|||
</td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :A %></th> |
|||
<td class="left"> |
|||
Seriously take security into account and invest a lot on it. |
|||
</td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :'B+' %></th> |
|||
<td class="left"> |
|||
Seriously take security into account and invest on it. |
|||
</td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :B %></th> |
|||
<td class="left"> |
|||
Take security into account and invest on it. |
|||
</td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :'C+' %></th> |
|||
<td class="left"> |
|||
Take security into account and invest a little on it. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :C %></th> |
|||
<td class="left"> |
|||
Take security into account but don't spend too much for it. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :D %></th> |
|||
<td class="left"> |
|||
Take security into account. Minimaly.<br/> |
|||
This is the worst score a decent service must have today. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :E %></th> |
|||
<td class="left"> |
|||
Take security into account. A little. Or not. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'cross-red.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :F %></th> |
|||
<td class="left"> |
|||
Just don't take security into account. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'cross-red.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :G %></th> |
|||
<td class="left"> |
|||
Just don't take security into account at all.<br/> |
|||
What the fuck you do, dude? |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'cross-red.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :'0' %></th> |
|||
<td class="left"> |
|||
No security at all. Just plain text.<br/> |
|||
Seriously, in <%= Date.today.year %>? |
|||
</td> |
|||
<td colspan="6"></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :V %></th> |
|||
<td class="left"> |
|||
Invalid certificate (wrong domain, expired…) |
|||
</td> |
|||
<td colspan="6"></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :T %></th> |
|||
<td class="left"> |
|||
Unstrusted certificate. Not issued by a trusted |
|||
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>. |
|||
</td> |
|||
<td colspan="6"></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :X %></th> |
|||
<td class="left"> |
|||
Error occurs during the analysis. Try again later? |
|||
</td> |
|||
<td colspan="6"></td> |
|||
</tr> |
|||
</tbody> |
|||
</table> |
|||
<table class="scoring table table-bordered table-condensed"> |
|||
<tr> |
|||
<td> |
|||
For protection:<br/> |
|||
<%= image_tag 'check-full.svg' %> Fully implemented |
|||
<%= image_tag 'check-empty.svg' %> Partially implemented<br/> |
|||
|
|||
Good: simple to implement, small protection<br/> |
|||
Great: quiet hard to implement, middle protection<br/> |
|||
Best: hard to implement, strong protection |
|||
</td> |
|||
<td> |
|||
For weakness:<br/> |
|||
<%= image_tag 'check-empty.svg' %> Not vulnerable |
|||
<%= image_tag 'cross-red.svg' %> Vulnerable<br/> |
|||
|
|||
Future: known weakness, but no practical attack known<br/> |
|||
Weak: known weakness, pratical attack exist<br/> |
|||
Deprecated: known weakness, merely equivalent or equal to plain text |
|||
</td> |
|||
</tr> |
|||
</table> |
|||
|
|||
<p> |
|||
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses |
|||
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/> |
|||
When you send an email, the server used to forward the mail (the |
|||
<a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>) to |
|||
the recipient has no way to guess in advance if recipient MTA supports or |
|||
not encryption and which cipher suite will be available. |
|||
To avoid your email returning to you in case of failure, the standard for |
|||
email encryption (<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>) |
|||
requires to retry <b>in plain text</b> in case of encryption handshake |
|||
failure.<br/> |
|||
So, for SMTP, there is a compromise to make between strong configuration, |
|||
leading to plain text fallback for old or badly configured MTA, and |
|||
compatibility with such MTA to use weak encryption better than plain text |
|||
but allowing downgrade attack on stronger MTA.<br/> |
|||
Given email is a real nightmare for security, with multiple way to force a |
|||
connection to fallback to plain text |
|||
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>, |
|||
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…), |
|||
CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about compatibility |
|||
trouble. This way, weak people are still weak, but strong people can (not |
|||
too much) hope strong encryption under normal condition.<br/> |
|||
Be advice than strong score here for SMTP means compatibility troubles. |
|||
Or fucked service which doesn't take care of your security. |
|||
I don't know, you turn to judge. |
|||
</p> |
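Review bot: the intro of this new partial still says scores run from `<%= rank_label :G %>` for the worst sites to `<%= rank_label :'A+' %>` for the best, but the table now also carries `:'0'`, `:V`, `:T` and `:X` rows, so a reader is told G is the floor and then meets a plain-text `0` below it; either widen the intro sentence or say there that 0, V, T and X are statuses rather than grades. While touching the copy, several user-facing strings have typos worth fixing in the same commit: `negociated` (negotiated), `Minimaly` (Minimally), `Unstrusted` (Untrusted), `quiet hard to implement` (quite hard), `pratical attack exist` (practical attacks exist) and `Be advice than` (Be advised that). Also, the same icon `check-empty.svg` means "Partially implemented" in the protection columns and "Not vulnerable" in the weakness columns; the legend table covers it, but a distinct icon for "not vulnerable" would make a row like A+ (three full checks followed by three empty checks) readable without consulting the legend. Minor: the trailing `<br/>` right before `</p>` in the downgrade-attack paragraph only adds an empty line.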
@ -1,257 +1,7 @@ |
|||
<div id="help" class="container"> |
|||
<div class="row"> |
|||
<div class="col-sm-12"> |
|||
<h1>Scoring</h1> |
|||
|
|||
<p> |
|||
Currently, CryptCheck gives note from <%= rank_label :G %> for the |
|||
worst sites to <%= rank_label :'A+' %> for the best ones. |
|||
</p> |
|||
|
|||
<p> |
|||
Scoring is based on the fact that TLS handshake is <b>not</b> |
|||
authenticated, and so an attacker can force to use whatever |
|||
cipher he wants as soon as both client and server support it, |
|||
with a downgrade attack as simple as modify TCP packets on the |
|||
fly. |
|||
</p> |
|||
|
|||
<p> |
|||
Such downgrade attack doesn't require heavy resources and can be |
|||
made with standard computer or phone.<br/> |
|||
The only difficult part is to be in position to modify the |
|||
traffic between the client and the server. |
|||
This is the case if the attacker is connected on the same network |
|||
as the client (hotspot, 3G…) with simple |
|||
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>, |
|||
doable with tools like |
|||
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/> |
|||
</p> |
|||
|
|||
<p> |
|||
As client support can't be guessed, CryptCheck considers the |
|||
<b>weakest</b> suite supported server side. |
|||
This way, a connection to the scored service can't lead to a |
|||
negociated handshake with a worse score than the one given to |
|||
the service, whatever your client supports and whatever an |
|||
attacker is present or not. |
|||
</p> |
|||
|
|||
<table class="scoring table table-bordered table-condensed center table-striped"> |
|||
<thead> |
|||
<tr> |
|||
<th rowspan="2">Score</th> |
|||
<td rowspan="2"></td> |
|||
<td colspan="3">Protection</td> |
|||
<td colspan="3">Weakness</td> |
|||
</tr> |
|||
<tr> |
|||
<td>Best</td> |
|||
<td>Great</td> |
|||
<td>Good</td> |
|||
|
|||
<td>Future</td> |
|||
<td>Weak</td> |
|||
<td>Deprecated</td> |
|||
</tr> |
|||
</thead> |
|||
<tbody> |
|||
<tr> |
|||
<th><%= rank_label :'A+' %></th> |
|||
<td class="left"> |
|||
Seriously take security into account and invest a lot on it.<br/> |
|||
Whatever the cost, encryption safety is implemented. |
|||
You can be proud! |
|||
</td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :A %></th> |
|||
<td class="left"> |
|||
Seriously take security into account and invest a lot on it. |
|||
</td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :'B+' %></th> |
|||
<td class="left"> |
|||
Seriously take security into account and invest on it. |
|||
</td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :B %></th> |
|||
<td class="left"> |
|||
Take security into account and invest on it. |
|||
</td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :'C+' %></th> |
|||
<td class="left"> |
|||
Take security into account and invest a little on it. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-full.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :C %></th> |
|||
<td class="left"> |
|||
Take security into account but don't spend too much for it. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :D %></th> |
|||
<td class="left"> |
|||
Take security into account. Minimaly.<br/> |
|||
This is the worst score a decent service must have today. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :E %></th> |
|||
<td class="left"> |
|||
Take security into account. A little. Or not. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'cross-red.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :F %></th> |
|||
<td class="left"> |
|||
Just don't take security into account. |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'cross-red.svg' %></td> |
|||
<td><%= image_tag 'check-empty.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :G %></th> |
|||
<td class="left"> |
|||
Just don't take security into account at all.<br/> |
|||
What the fuck you do, dude? |
|||
</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td><%= image_tag 'cross-red.svg' %></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :V %></th> |
|||
<td class="left"> |
|||
Invalid certificate (wrong domain, expired…) |
|||
</td> |
|||
<td colspan="6"></td> |
|||
</tr> |
|||
<tr> |
|||
<th><%= rank_label :T %></th> |
|||
<td class="left"> |
|||
Unstrusted certificate. Not issued by a trusted |
|||
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>. |
|||
</td> |
|||
<td colspan="6"></td> |
|||
</tr> |
|||
</tbody> |
|||
</table> |
|||
<table class="scoring table table-bordered table-condensed"> |
|||
<tr> |
|||
<td> |
|||
For protection:<br/> |
|||
<%= image_tag 'check-full.svg' %> Fully implemented |
|||
<%= image_tag 'check-empty.svg' %> Partially implemented<br/> |
|||
|
|||
Good: simple to implement, small protection<br/> |
|||
Great: quiet hard to implement, middle protection<br/> |
|||
Best: hard to implement, strong protection |
|||
</td> |
|||
<td> |
|||
For weakness:<br/> |
|||
<%= image_tag 'check-empty.svg' %> Not vulnerable |
|||
<%= image_tag 'cross-red.svg' %> Vulnerable<br/> |
|||
|
|||
Future: known weakness, but no practical attack known<br/> |
|||
Weak: known weakness, pratical attack exist<br/> |
|||
Deprecated: known weakness, merely equivalent or equal to plain text |
|||
</td> |
|||
</tr> |
|||
</table> |
|||
|
|||
|
|||
<p> |
|||
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses |
|||
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/> |
|||
When you send an email, the server used to forward the mail |
|||
(the <a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>) |
|||
to the recipient has no way to guess in advance if recipient MTA |
|||
supports or not encryption and which cipher suite will be |
|||
available. |
|||
To avoid your email returning to you in case of failure, the |
|||
standard for email encryption |
|||
(<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>) |
|||
requires to retry <b>in plain text</b> in case of encryption |
|||
handshake failure.<br/> |
|||
So, for SMTP, there is a compromise to make between strong |
|||
configuration, leading to plain text fallback for old or badly |
|||
configured MTA, and compatibility with such MTA to use weak |
|||
encryption better than plain text but allowing downgrade attack |
|||
on stronger MTA.<br/> |
|||
Given email is a real nightmare for security, with multiple way |
|||
to force a connection to fallback to plain text |
|||
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>, |
|||
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…), |
|||
CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about |
|||
compatibility trouble. This way, weak people are still weak, but |
|||
strong people can (not too much) hope strong encryption under |
|||
normal condition.<br/> |
|||
Be advice than strong score here for SMTP means compatibility |
|||
troubles. |
|||
Or fucked service which doesn't take care of your security. |
|||
I don't know, you turn to judge. |
|||
</p> |
|||
<%= render partial: 'scoring' %> |
|||
</div> |
|||
</div> |
|||
</div> |
|||
|
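Review bot: `<%= render partial: 'scoring' %>` is a relative partial name, so Rails resolves it against the directory of the view it is rendered from (given the `id="help"` container, presumably the help views, which is an assumption since this rendering of the diff shows no file names); confirm the new partial is saved as `_scoring.html.erb` in that same directory, or pass an explicit path such as `render partial: 'help/scoring'`, otherwise the help page raises a missing-partial error at request time. Apart from reflowed line breaks, replacing the inline copy with the partial is a straight move; the only content change this page picks up through the partial is the two added rows `:'0'` and `:X`, which is worth stating in the commit message.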