aeris
/
cryptcheck-rails
1
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity

Extract help in partials

sites
aeris 2017-11-12 10:04:51 +01:00
parent 4356d4d761
commit 72c420effa
2 changed files with 259 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

258
app/views/site/_scoring.html.erb 100644
View File

@ -0,0 +1,258 @@
<h1>Scoring</h1>
<p>
Currently, CryptCheck gives note from <%= rank_label :G %> for the
worst sites to <%= rank_label :'A+' %> for the best ones.
</p>
<p>
Scoring is based on the fact that TLS handshake is <b>not</b> authenticated,
and so an attacker can force to use whatever cipher he wants as soon as both
client and server support it, with a downgrade attack as simple as modify
TCP packets on the fly.
</p>
<p>
Such downgrade attack doesn't require heavy resources and can be made with
standard computer or phone.<br/>
The only difficult part is to be in position to modify the traffic between
the client and the server.
This is the case if the attacker is connected on the same network as the
client (hotspot, 3G…) with simple
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>,
doable with tools like
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/>
</p>
<p>
As client support can't be guessed, CryptCheck considers the <b>weakest</b>
suite supported server side.
This way, a connection to the scored service can't lead to a negociated
handshake with a worse score than the one given to the service, whatever
your client supports and whatever an attacker is present or not.
</p>
<table class="scoring table table-bordered table-condensed center table-striped">
<thead>
<tr>
<th rowspan="2">Score</th>
<td rowspan="2"></td>
<td colspan="3">Protection</td>
<td colspan="3">Weakness</td>
</tr>
<tr>
<td>Best</td>
<td>Great</td>
<td>Good</td>
<td>Future</td>
<td>Weak</td>
<td>Deprecated</td>
</tr>
</thead>
<tbody>
<tr>
<th><%= rank_label :'A+' %></th>
<td class="left">
Seriously take security into account and invest a lot on it.<br/>
Whatever the cost, encryption safety is implemented.
You can be proud!
</td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :A %></th>
<td class="left">
Seriously take security into account and invest a lot on it.
</td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'B+' %></th>
<td class="left">
Seriously take security into account and invest on it.
</td>
<td></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :B %></th>
<td class="left">
Take security into account and invest on it.
</td>
<td></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'C+' %></th>
<td class="left">
Take security into account and invest a little on it.
</td>
<td></td>
<td></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :C %></th>
<td class="left">
Take security into account but don't spend too much for it.
</td>
<td></td>
<td></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :D %></th>
<td class="left">
Take security into account. Minimaly.<br/>
This is the worst score a decent service must have today.
</td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :E %></th>
<td class="left">
Take security into account. A little. Or not.
</td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'cross-red.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :F %></th>
<td class="left">
Just don't take security into account.
</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'cross-red.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :G %></th>
<td class="left">
Just don't take security into account at all.<br/>
What the fuck you do, dude?
</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'cross-red.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'0' %></th>
<td class="left">
No security at all. Just plain text.<br/>
Seriously, in <%= Date.today.year %>?
</td>
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :V %></th>
<td class="left">
Invalid certificate (wrong domain, expired…)
</td>
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :T %></th>
<td class="left">
Unstrusted certificate. Not issued by a trusted
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>.
</td>
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :X %></th>
<td class="left">
Error occurs during the analysis. Try again later?
</td>
<td colspan="6"></td>
</tr>
</tbody>
</table>
<table class="scoring table table-bordered table-condensed">
<tr>
<td>
For protection:<br/>
<%= image_tag 'check-full.svg' %> Fully implemented
<%= image_tag 'check-empty.svg' %> Partially implemented<br/>
Good: simple to implement, small protection<br/>
Great: quiet hard to implement, middle protection<br/>
Best: hard to implement, strong protection
</td>
<td>
For weakness:<br/>
<%= image_tag 'check-empty.svg' %> Not vulnerable
<%= image_tag 'cross-red.svg' %> Vulnerable<br/>
Future: known weakness, but no practical attack known<br/>
Weak: known weakness, pratical attack exist<br/>
Deprecated: known weakness, merely equivalent or equal to plain text
</td>
</tr>
</table>
<p>
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/>
When you send an email, the server used to forward the mail (the
<a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>) to
the recipient has no way to guess in advance if recipient MTA supports or
not encryption and which cipher suite will be available.
To avoid your email returning to you in case of failure, the standard for
email encryption (<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>)
requires to retry <b>in plain text</b> in case of encryption handshake
failure.<br/>
So, for SMTP, there is a compromise to make between strong configuration,
leading to plain text fallback for old or badly configured MTA, and
compatibility with such MTA to use weak encryption better than plain text
but allowing downgrade attack on stronger MTA.<br/>
Given email is a real nightmare for security, with multiple way to force a
connection to fallback to plain text
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>,
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…),
CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about compatibility
trouble. This way, weak people are still weak, but strong people can (not
too much) hope strong encryption under normal condition.<br/>
Be advice than strong score here for SMTP means compatibility troubles.
Or fucked service which doesn't take care of your security.
I don't know, you turn to judge.
</p>

252
app/views/site/help.html.erb
View File

@ -1,257 +1,7 @@
<div id="help" class="container">
<div class="row">
<div class="col-sm-12">
<h1>Scoring</h1>
<p>
Currently, CryptCheck gives note from <%= rank_label :G %> for the
worst sites to <%= rank_label :'A+' %> for the best ones.
</p>
<p>
Scoring is based on the fact that TLS handshake is <b>not</b>
authenticated, and so an attacker can force to use whatever
cipher he wants as soon as both client and server support it,
with a downgrade attack as simple as modify TCP packets on the
fly.
</p>
<p>
Such downgrade attack doesn't require heavy resources and can be
made with standard computer or phone.<br/>
The only difficult part is to be in position to modify the
traffic between the client and the server.
This is the case if the attacker is connected on the same network
as the client (hotspot, 3G…) with simple
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>,
doable with tools like
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/>
</p>
<p>
As client support can't be guessed, CryptCheck considers the
<b>weakest</b> suite supported server side.
This way, a connection to the scored service can't lead to a
negociated handshake with a worse score than the one given to
the service, whatever your client supports and whatever an
attacker is present or not.
</p>
<table class="scoring table table-bordered table-condensed center table-striped">
<thead>
<tr>
<th rowspan="2">Score</th>
<td rowspan="2"></td>
<td colspan="3">Protection</td>
<td colspan="3">Weakness</td>
</tr>
<tr>
<td>Best</td>
<td>Great</td>
<td>Good</td>
<td>Future</td>
<td>Weak</td>
<td>Deprecated</td>
</tr>
</thead>
<tbody>
<tr>
<th><%= rank_label :'A+' %></th>
<td class="left">
Seriously take security into account and invest a lot on it.<br/>
Whatever the cost, encryption safety is implemented.
You can be proud!
</td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :A %></th>
<td class="left">
Seriously take security into account and invest a lot on it.
</td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'B+' %></th>
<td class="left">
Seriously take security into account and invest on it.
</td>
<td></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :B %></th>
<td class="left">
Take security into account and invest on it.
</td>
<td></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'C+' %></th>
<td class="left">
Take security into account and invest a little on it.
</td>
<td></td>
<td></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :C %></th>
<td class="left">
Take security into account but don't spend too much for it.
</td>
<td></td>
<td></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :D %></th>
<td class="left">
Take security into account. Minimaly.<br/>
This is the worst score a decent service must have today.
</td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :E %></th>
<td class="left">
Take security into account. A little. Or not.
</td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'cross-red.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :F %></th>
<td class="left">
Just don't take security into account.
</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'cross-red.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :G %></th>
<td class="left">
Just don't take security into account at all.<br/>
What the fuck you do, dude?
</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'cross-red.svg' %></td>
</tr>
<tr>
<th><%= rank_label :V %></th>
<td class="left">
Invalid certificate (wrong domain, expired…)
</td>
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :T %></th>
<td class="left">
Unstrusted certificate. Not issued by a trusted
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>.
</td>
<td colspan="6"></td>
</tr>
</tbody>
</table>
<table class="scoring table table-bordered table-condensed">
<tr>
<td>
For protection:<br/>
<%= image_tag 'check-full.svg' %> Fully implemented
<%= image_tag 'check-empty.svg' %> Partially implemented<br/>
Good: simple to implement, small protection<br/>
Great: quiet hard to implement, middle protection<br/>
Best: hard to implement, strong protection
</td>
<td>
For weakness:<br/>
<%= image_tag 'check-empty.svg' %> Not vulnerable
<%= image_tag 'cross-red.svg' %> Vulnerable<br/>
Future: known weakness, but no practical attack known<br/>
Weak: known weakness, pratical attack exist<br/>
Deprecated: known weakness, merely equivalent or equal to plain text
</td>
</tr>
</table>
<p>
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/>
When you send an email, the server used to forward the mail
(the <a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>)
to the recipient has no way to guess in advance if recipient MTA
supports or not encryption and which cipher suite will be
available.
To avoid your email returning to you in case of failure, the
standard for email encryption
(<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>)
requires to retry <b>in plain text</b> in case of encryption
handshake failure.<br/>
So, for SMTP, there is a compromise to make between strong
configuration, leading to plain text fallback for old or badly
configured MTA, and compatibility with such MTA to use weak
encryption better than plain text but allowing downgrade attack
on stronger MTA.<br/>
Given email is a real nightmare for security, with multiple way
to force a connection to fallback to plain text
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>,
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…),
CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about
compatibility trouble. This way, weak people are still weak, but
strong people can (not too much) hope strong encryption under
normal condition.<br/>
Be advice than strong score here for SMTP means compatibility
troubles.
Or fucked service which doesn't take care of your security.
I don't know, you turn to judge.
</p>
<%= render partial: 'scoring' %>
</div>
</div>
</div>