diff --git a/app/views/site/_scoring.html.erb b/app/views/site/_scoring.html.erb new file mode 100644 index 0000000..8dae1ad --- /dev/null +++ b/app/views/site/_scoring.html.erb @@ -0,0 +1,258 @@ +

Scoring

+ +

+ Currently, CryptCheck gives note from <%= rank_label :G %> for the + worst sites to <%= rank_label :'A+' %> for the best ones. +

+ +

+ Scoring is based on the fact that TLS handshake is not authenticated, + and so an attacker can force to use whatever cipher he wants as soon as both + client and server support it, with a downgrade attack as simple as modify + TCP packets on the fly. +

+ +

+ Such downgrade attack doesn't require heavy resources and can be made with + standard computer or phone.
+ The only difficult part is to be in position to modify the traffic between + the client and the server. + This is the case if the attacker is connected on the same network as the + client (hotspot, 3G…) with simple + ARP spoofing, + doable with tools like + Droid Sheep.
+

+ +

+ As client support can't be guessed, CryptCheck considers the weakest + suite supported server side. + This way, a connection to the scored service can't lead to a negociated + handshake with a worse score than the one given to the service, whatever + your client supports and whatever an attacker is present or not. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ScoreProtectionWeakness
BestGreatGoodFutureWeakDeprecated
<%= rank_label :'A+' %> + Seriously take security into account and invest a lot on it.
+ Whatever the cost, encryption safety is implemented. + You can be proud! +
<%= image_tag 'check-full.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :A %> + Seriously take security into account and invest a lot on it. + <%= image_tag 'check-empty.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :'B+' %> + Seriously take security into account and invest on it. + <%= image_tag 'check-full.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :B %> + Take security into account and invest on it. + <%= image_tag 'check-empty.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :'C+' %> + Take security into account and invest a little on it. + <%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :C %> + Take security into account but don't spend too much for it. + <%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :D %> + Take security into account. Minimaly.
+ This is the worst score a decent service must have today. +
<%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :E %> + Take security into account. A little. Or not. + <%= image_tag 'cross-red.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :F %> + Just don't take security into account. + <%= image_tag 'cross-red.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :G %> + Just don't take security into account at all.
+ What the fuck you do, dude? +
<%= image_tag 'cross-red.svg' %>
<%= rank_label :'0' %> + No security at all. Just plain text.
+ Seriously, in <%= Date.today.year %>? +
<%= rank_label :V %> + Invalid certificate (wrong domain, expired…) +
<%= rank_label :T %> + Unstrusted certificate. Not issued by a trusted + certificate authority. +
<%= rank_label :X %> + Error occurs during the analysis. Try again later? +
+ + + + + +
+ For protection:
+ <%= image_tag 'check-full.svg' %> Fully implemented + <%= image_tag 'check-empty.svg' %> Partially implemented
+ + Good: simple to implement, small protection
+ Great: quiet hard to implement, middle protection
+ Best: hard to implement, strong protection +
+ For weakness:
+ <%= image_tag 'check-empty.svg' %> Not vulnerable + <%= image_tag 'cross-red.svg' %> Vulnerable
+ + Future: known weakness, but no practical attack known
+ Weak: known weakness, pratical attack exist
+ Deprecated: known weakness, merely equivalent or equal to plain text +
+ +

+ Note: Unlike HTTPS or XMPP, SMTP uses + opportunistic encryption.
+ When you send an email, the server used to forward the mail (the + MTA) to + the recipient has no way to guess in advance if recipient MTA supports or + not encryption and which cipher suite will be available. + To avoid your email returning to you in case of failure, the standard for + email encryption (RFC 3207) + requires to retry in plain text in case of encryption handshake + failure.
+ So, for SMTP, there is a compromise to make between strong configuration, + leading to plain text fallback for old or badly configured MTA, and + compatibility with such MTA to use weak encryption better than plain text + but allowing downgrade attack on stronger MTA.
+ Given email is a real nightmare for security, with multiple way to force a + connection to fallback to plain text + (STARTTLS stripping, + MX lying…), + CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about compatibility + trouble. This way, weak people are still weak, but strong people can (not + too much) hope strong encryption under normal condition.
+ Be advice than strong score here for SMTP means compatibility troubles. + Or fucked service which doesn't take care of your security. + I don't know, you turn to judge. +

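Review bot: the intro line `Currently, CryptCheck gives note from <%= rank_label :G %> for the worst sites to <%= rank_label :'A+' %> for the best ones.` no longer matches the table in this partial, which adds a `<%= rank_label :'0' %>` row ("No security at all. Just plain text.") below G and a `<%= rank_label :X %>` row for analysis errors; reword the sentence to cover the full range (0 to A+, with V, T and X as non-scores) and extend the legend under the table so readers know those four rows are not positions on the protection/weakness scale. Two claims in the rationale should also be tightened before they ship on a public help page: "TLS handshake is not authenticated ... a downgrade attack as simple as modify TCP packets on the fly" overstates it, since the Finished messages cover the handshake transcript and a rewritten cipher list is detected unless the attacker can break the negotiated key exchange during the handshake or the client itself falls back, so the weakest-suite rule is better justified as a conservative bound that does not depend on client preferences or on which downgrade attacks are practical; and RFC 3207 does not "require" a retry in plain text after a failed handshake (it leaves that decision to the client, says a client that finds the negotiated level too low SHOULD QUIT, and only forbids publicly-referenced servers from requiring STARTTLS), so attribute the cleartext fallback to common MTA policy rather than to the RFC. Style: drop "What the fuck you do, dude?" from the G row and "Or fucked service which doesn't take care of your security." from the SMTP note, and since the text is being moved anyway fix the spelling carried over from help.html.erb: "negociated" (negotiated), "Minimaly" (Minimally), "Unstrusted" (Untrusted), "quiet hard" (quite hard), "pratical" (practical), "merely equivalent" (mostly equivalent), "Be advice than" (Be advised that).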
diff --git a/app/views/site/help.html.erb b/app/views/site/help.html.erb index 5c29236..047fd45 100644 --- a/app/views/site/help.html.erb +++ b/app/views/site/help.html.erb @@ -1,257 +1,7 @@
-

Scoring

- -

- Currently, CryptCheck gives note from <%= rank_label :G %> for the - worst sites to <%= rank_label :'A+' %> for the best ones. -

- -

- Scoring is based on the fact that TLS handshake is not - authenticated, and so an attacker can force to use whatever - cipher he wants as soon as both client and server support it, - with a downgrade attack as simple as modify TCP packets on the - fly. -

- -

- Such downgrade attack doesn't require heavy resources and can be - made with standard computer or phone.
- The only difficult part is to be in position to modify the - traffic between the client and the server. - This is the case if the attacker is connected on the same network - as the client (hotspot, 3G…) with simple - ARP spoofing, - doable with tools like - Droid Sheep.
-

- -

- As client support can't be guessed, CryptCheck considers the - weakest suite supported server side. - This way, a connection to the scored service can't lead to a - negociated handshake with a worse score than the one given to - the service, whatever your client supports and whatever an - attacker is present or not. -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScoreProtectionWeakness
BestGreatGoodFutureWeakDeprecated
<%= rank_label :'A+' %> - Seriously take security into account and invest a lot on it.
- Whatever the cost, encryption safety is implemented. - You can be proud! -
<%= image_tag 'check-full.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :A %> - Seriously take security into account and invest a lot on it. - <%= image_tag 'check-empty.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :'B+' %> - Seriously take security into account and invest on it. - <%= image_tag 'check-full.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :B %> - Take security into account and invest on it. - <%= image_tag 'check-empty.svg' %><%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :'C+' %> - Take security into account and invest a little on it. - <%= image_tag 'check-full.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :C %> - Take security into account but don't spend too much for it. - <%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :D %> - Take security into account. Minimaly.
- This is the worst score a decent service must have today. -
<%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :E %> - Take security into account. A little. Or not. - <%= image_tag 'cross-red.svg' %><%= image_tag 'check-empty.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :F %> - Just don't take security into account. - <%= image_tag 'cross-red.svg' %><%= image_tag 'check-empty.svg' %>
<%= rank_label :G %> - Just don't take security into account at all.
- What the fuck you do, dude? -
<%= image_tag 'cross-red.svg' %>
<%= rank_label :V %> - Invalid certificate (wrong domain, expired…) -
<%= rank_label :T %> - Unstrusted certificate. Not issued by a trusted - certificate authority. -
- - - - - -
- For protection:
- <%= image_tag 'check-full.svg' %> Fully implemented - <%= image_tag 'check-empty.svg' %> Partially implemented
- - Good: simple to implement, small protection
- Great: quiet hard to implement, middle protection
- Best: hard to implement, strong protection -
- For weakness:
- <%= image_tag 'check-empty.svg' %> Not vulnerable - <%= image_tag 'cross-red.svg' %> Vulnerable
- - Future: known weakness, but no practical attack known
- Weak: known weakness, pratical attack exist
- Deprecated: known weakness, merely equivalent or equal to plain text -
- - -

- Note: Unlike HTTPS or XMPP, SMTP uses - opportunistic encryption.
- When you send an email, the server used to forward the mail - (the MTA) - to the recipient has no way to guess in advance if recipient MTA - supports or not encryption and which cipher suite will be - available. - To avoid your email returning to you in case of failure, the - standard for email encryption - (RFC 3207) - requires to retry in plain text in case of encryption - handshake failure.
- So, for SMTP, there is a compromise to make between strong - configuration, leading to plain text fallback for old or badly - configured MTA, and compatibility with such MTA to use weak - encryption better than plain text but allowing downgrade attack - on stronger MTA.
- Given email is a real nightmare for security, with multiple way - to force a connection to fallback to plain text - (STARTTLS stripping, - MX lying…), - CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about - compatibility trouble. This way, weak people are still weak, but - strong people can (not too much) hope strong encryption under - normal condition.
- Be advice than strong score here for SMTP means compatibility - troubles. - Or fucked service which doesn't take care of your security. - I don't know, you turn to judge. -

+ <%= render partial: 'scoring' %>
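Review bot: this is not a pure extraction into a partial: the 257 removed lines come back as 258 in `_scoring.html.erb` because the `<%= rank_label :'0' %>` and `<%= rank_label :X %>` rows are new, so the history cannot separate the refactor (`<%= render partial: 'scoring' %>`) from the content change; split the move and the new rows into two commits, or at least state both in the commit message so a reader of `git blame` on the partial knows which lines are verbatim from help.html.erb.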