Extract help in partials
parent
4356d4d761
commit
72c420effa
|
@ -0,0 +1,258 @@
|
|||
<h1>Scoring</h1>
|
||||
|
||||
<p>
|
||||
Currently, CryptCheck gives note from <%= rank_label :G %> for the
|
||||
worst sites to <%= rank_label :'A+' %> for the best ones.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Scoring is based on the fact that TLS handshake is <b>not</b> authenticated,
|
||||
and so an attacker can force to use whatever cipher he wants as soon as both
|
||||
client and server support it, with a downgrade attack as simple as modify
|
||||
TCP packets on the fly.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Such downgrade attack doesn't require heavy resources and can be made with
|
||||
standard computer or phone.<br/>
|
||||
The only difficult part is to be in position to modify the traffic between
|
||||
the client and the server.
|
||||
This is the case if the attacker is connected on the same network as the
|
||||
client (hotspot, 3G…) with simple
|
||||
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>,
|
||||
doable with tools like
|
||||
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
As client support can't be guessed, CryptCheck considers the <b>weakest</b>
|
||||
suite supported server side.
|
||||
This way, a connection to the scored service can't lead to a negociated
|
||||
handshake with a worse score than the one given to the service, whatever
|
||||
your client supports and whatever an attacker is present or not.
|
||||
</p>
|
||||
|
||||
<table class="scoring table table-bordered table-condensed center table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<th rowspan="2">Score</th>
|
||||
<td rowspan="2"></td>
|
||||
<td colspan="3">Protection</td>
|
||||
<td colspan="3">Weakness</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Best</td>
|
||||
<td>Great</td>
|
||||
<td>Good</td>
|
||||
|
||||
<td>Future</td>
|
||||
<td>Weak</td>
|
||||
<td>Deprecated</td>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<th><%= rank_label :'A+' %></th>
|
||||
<td class="left">
|
||||
Seriously take security into account and invest a lot on it.<br/>
|
||||
Whatever the cost, encryption safety is implemented.
|
||||
You can be proud!
|
||||
</td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :A %></th>
|
||||
<td class="left">
|
||||
Seriously take security into account and invest a lot on it.
|
||||
</td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :'B+' %></th>
|
||||
<td class="left">
|
||||
Seriously take security into account and invest on it.
|
||||
</td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :B %></th>
|
||||
<td class="left">
|
||||
Take security into account and invest on it.
|
||||
</td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :'C+' %></th>
|
||||
<td class="left">
|
||||
Take security into account and invest a little on it.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :C %></th>
|
||||
<td class="left">
|
||||
Take security into account but don't spend too much for it.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :D %></th>
|
||||
<td class="left">
|
||||
Take security into account. Minimaly.<br/>
|
||||
This is the worst score a decent service must have today.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :E %></th>
|
||||
<td class="left">
|
||||
Take security into account. A little. Or not.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'cross-red.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :F %></th>
|
||||
<td class="left">
|
||||
Just don't take security into account.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'cross-red.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :G %></th>
|
||||
<td class="left">
|
||||
Just don't take security into account at all.<br/>
|
||||
What the fuck you do, dude?
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'cross-red.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :'0' %></th>
|
||||
<td class="left">
|
||||
No security at all. Just plain text.<br/>
|
||||
Seriously, in <%= Date.today.year %>?
|
||||
</td>
|
||||
<td colspan="6"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :V %></th>
|
||||
<td class="left">
|
||||
Invalid certificate (wrong domain, expired…)
|
||||
</td>
|
||||
<td colspan="6"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :T %></th>
|
||||
<td class="left">
|
||||
Unstrusted certificate. Not issued by a trusted
|
||||
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>.
|
||||
</td>
|
||||
<td colspan="6"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :X %></th>
|
||||
<td class="left">
|
||||
Error occurs during the analysis. Try again later?
|
||||
</td>
|
||||
<td colspan="6"></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<table class="scoring table table-bordered table-condensed">
|
||||
<tr>
|
||||
<td>
|
||||
For protection:<br/>
|
||||
<%= image_tag 'check-full.svg' %> Fully implemented
|
||||
<%= image_tag 'check-empty.svg' %> Partially implemented<br/>
|
||||
|
||||
Good: simple to implement, small protection<br/>
|
||||
Great: quiet hard to implement, middle protection<br/>
|
||||
Best: hard to implement, strong protection
|
||||
</td>
|
||||
<td>
|
||||
For weakness:<br/>
|
||||
<%= image_tag 'check-empty.svg' %> Not vulnerable
|
||||
<%= image_tag 'cross-red.svg' %> Vulnerable<br/>
|
||||
|
||||
Future: known weakness, but no practical attack known<br/>
|
||||
Weak: known weakness, pratical attack exist<br/>
|
||||
Deprecated: known weakness, merely equivalent or equal to plain text
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<p>
|
||||
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses
|
||||
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/>
|
||||
When you send an email, the server used to forward the mail (the
|
||||
<a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>) to
|
||||
the recipient has no way to guess in advance if recipient MTA supports or
|
||||
not encryption and which cipher suite will be available.
|
||||
To avoid your email returning to you in case of failure, the standard for
|
||||
email encryption (<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>)
|
||||
requires to retry <b>in plain text</b> in case of encryption handshake
|
||||
failure.<br/>
|
||||
So, for SMTP, there is a compromise to make between strong configuration,
|
||||
leading to plain text fallback for old or badly configured MTA, and
|
||||
compatibility with such MTA to use weak encryption better than plain text
|
||||
but allowing downgrade attack on stronger MTA.<br/>
|
||||
Given email is a real nightmare for security, with multiple way to force a
|
||||
connection to fallback to plain text
|
||||
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>,
|
||||
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…),
|
||||
CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about compatibility
|
||||
trouble. This way, weak people are still weak, but strong people can (not
|
||||
too much) hope strong encryption under normal condition.<br/>
|
||||
Be advice than strong score here for SMTP means compatibility troubles.
|
||||
Or fucked service which doesn't take care of your security.
|
||||
I don't know, you turn to judge.
|
||||
</p>
|
|
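Review bot: the intro paragraph (`Currently, CryptCheck gives note from <%= rank_label :G %> for the worst sites to <%= rank_label :'A+' %>`) no longer matches the table in this partial, which also defines the `0`, `V`, `T` and `X` ranks below `G`; either extend that sentence to mention the special ranks or drop the range claim. In the same hunk, the statement that the TLS handshake is "not authenticated" and that a downgrade is "as simple as modify TCP packets on the fly" overstates the attack: the handshake transcript is covered by the Finished messages, so an on-path attacker only profits from pushing the negotiation to a suite both sides accept when that suite is itself breakable (or when a fallback path exists); rewording to "an attacker can influence which suite is negotiated" would be accurate without weakening the weakest-suite scoring argument that follows. Finally, the spelling errors (`negociated`, `Minimaly`, `Unstrusted`, `pratical`, `quiet hard`, `Be advice than`) and the two profane cell texts (`What the fuck you do, dude?`, `Or fucked service which doesn't take care of your security.`) should be cleaned up before this ships as user-facing help.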
@ -1,257 +1,7 @@
|
|||
<div id="help" class="container">
|
||||
<div class="row">
|
||||
<div class="col-sm-12">
|
||||
<h1>Scoring</h1>
|
||||
|
||||
<p>
|
||||
Currently, CryptCheck gives note from <%= rank_label :G %> for the
|
||||
worst sites to <%= rank_label :'A+' %> for the best ones.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Scoring is based on the fact that TLS handshake is <b>not</b>
|
||||
authenticated, and so an attacker can force to use whatever
|
||||
cipher he wants as soon as both client and server support it,
|
||||
with a downgrade attack as simple as modify TCP packets on the
|
||||
fly.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Such downgrade attack doesn't require heavy resources and can be
|
||||
made with standard computer or phone.<br/>
|
||||
The only difficult part is to be in position to modify the
|
||||
traffic between the client and the server.
|
||||
This is the case if the attacker is connected on the same network
|
||||
as the client (hotspot, 3G…) with simple
|
||||
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>,
|
||||
doable with tools like
|
||||
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
As client support can't be guessed, CryptCheck considers the
|
||||
<b>weakest</b> suite supported server side.
|
||||
This way, a connection to the scored service can't lead to a
|
||||
negociated handshake with a worse score than the one given to
|
||||
the service, whatever your client supports and whatever an
|
||||
attacker is present or not.
|
||||
</p>
|
||||
|
||||
<table class="scoring table table-bordered table-condensed center table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<th rowspan="2">Score</th>
|
||||
<td rowspan="2"></td>
|
||||
<td colspan="3">Protection</td>
|
||||
<td colspan="3">Weakness</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Best</td>
|
||||
<td>Great</td>
|
||||
<td>Good</td>
|
||||
|
||||
<td>Future</td>
|
||||
<td>Weak</td>
|
||||
<td>Deprecated</td>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<th><%= rank_label :'A+' %></th>
|
||||
<td class="left">
|
||||
Seriously take security into account and invest a lot on it.<br/>
|
||||
Whatever the cost, encryption safety is implemented.
|
||||
You can be proud!
|
||||
</td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :A %></th>
|
||||
<td class="left">
|
||||
Seriously take security into account and invest a lot on it.
|
||||
</td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :'B+' %></th>
|
||||
<td class="left">
|
||||
Seriously take security into account and invest on it.
|
||||
</td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :B %></th>
|
||||
<td class="left">
|
||||
Take security into account and invest on it.
|
||||
</td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :'C+' %></th>
|
||||
<td class="left">
|
||||
Take security into account and invest a little on it.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-full.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :C %></th>
|
||||
<td class="left">
|
||||
Take security into account but don't spend too much for it.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :D %></th>
|
||||
<td class="left">
|
||||
Take security into account. Minimaly.<br/>
|
||||
This is the worst score a decent service must have today.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :E %></th>
|
||||
<td class="left">
|
||||
Take security into account. A little. Or not.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'cross-red.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :F %></th>
|
||||
<td class="left">
|
||||
Just don't take security into account.
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'cross-red.svg' %></td>
|
||||
<td><%= image_tag 'check-empty.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :G %></th>
|
||||
<td class="left">
|
||||
Just don't take security into account at all.<br/>
|
||||
What the fuck you do, dude?
|
||||
</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td><%= image_tag 'cross-red.svg' %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :V %></th>
|
||||
<td class="left">
|
||||
Invalid certificate (wrong domain, expired…)
|
||||
</td>
|
||||
<td colspan="6"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= rank_label :T %></th>
|
||||
<td class="left">
|
||||
Unstrusted certificate. Not issued by a trusted
|
||||
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>.
|
||||
</td>
|
||||
<td colspan="6"></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
<table class="scoring table table-bordered table-condensed">
|
||||
<tr>
|
||||
<td>
|
||||
For protection:<br/>
|
||||
<%= image_tag 'check-full.svg' %> Fully implemented
|
||||
<%= image_tag 'check-empty.svg' %> Partially implemented<br/>
|
||||
|
||||
Good: simple to implement, small protection<br/>
|
||||
Great: quiet hard to implement, middle protection<br/>
|
||||
Best: hard to implement, strong protection
|
||||
</td>
|
||||
<td>
|
||||
For weakness:<br/>
|
||||
<%= image_tag 'check-empty.svg' %> Not vulnerable
|
||||
<%= image_tag 'cross-red.svg' %> Vulnerable<br/>
|
||||
|
||||
Future: known weakness, but no practical attack known<br/>
|
||||
Weak: known weakness, pratical attack exist<br/>
|
||||
Deprecated: known weakness, merely equivalent or equal to plain text
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
<p>
|
||||
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses
|
||||
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/>
|
||||
When you send an email, the server used to forward the mail
|
||||
(the <a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>)
|
||||
to the recipient has no way to guess in advance if recipient MTA
|
||||
supports or not encryption and which cipher suite will be
|
||||
available.
|
||||
To avoid your email returning to you in case of failure, the
|
||||
standard for email encryption
|
||||
(<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>)
|
||||
requires to retry <b>in plain text</b> in case of encryption
|
||||
handshake failure.<br/>
|
||||
So, for SMTP, there is a compromise to make between strong
|
||||
configuration, leading to plain text fallback for old or badly
|
||||
configured MTA, and compatibility with such MTA to use weak
|
||||
encryption better than plain text but allowing downgrade attack
|
||||
on stronger MTA.<br/>
|
||||
Given email is a real nightmare for security, with multiple way
|
||||
to force a connection to fallback to plain text
|
||||
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>,
|
||||
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…),
|
||||
CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about
|
||||
compatibility trouble. This way, weak people are still weak, but
|
||||
strong people can (not too much) hope strong encryption under
|
||||
normal condition.<br/>
|
||||
Be advice than strong score here for SMTP means compatibility
|
||||
troubles.
|
||||
Or fucked service which doesn't take care of your security.
|
||||
I don't know, you turn to judge.
|
||||
</p>
|
||||
<%= render partial: 'scoring' %>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
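Review bot: this hunk does more than the commit title "Extract help in partials" says: the removed block only carried the `V` and `T` special ranks, while the partial it is replaced with via `<%= render partial: 'scoring' %>` also introduces new `0` (plain text) and `X` (analysis error) rows and a `<%= Date.today.year %>` call, so the behaviour change should be stated in the commit message or split into its own commit. Also, `render partial: 'scoring'` is a relative name that Rails resolves against the current controller's view directory; confirm the new file is saved as the `_scoring` partial in that directory (or pass the qualified path, e.g. `help/scoring` if this view lives under the help views) so the page does not raise a missing-partial error at render time.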