diff --git a/app/views/site/_scoring.html.erb b/app/views/site/_scoring.html.erb new file mode 100644 index 0000000..8dae1ad --- /dev/null +++ b/app/views/site/_scoring.html.erb @@ -0,0 +1,258 @@ +
+ Currently, CryptCheck gives note from <%= rank_label :G %> for the + worst sites to <%= rank_label :'A+' %> for the best ones. +
+ ++ Scoring is based on the fact that TLS handshake is not authenticated, + and so an attacker can force to use whatever cipher he wants as soon as both + client and server support it, with a downgrade attack as simple as modify + TCP packets on the fly. +
+ +
+ Such downgrade attack doesn't require heavy resources and can be made with
+ standard computer or phone.
+ The only difficult part is to be in position to modify the traffic between
+ the client and the server.
+ This is the case if the attacker is connected on the same network as the
+ client (hotspot, 3G…) with simple
+ ARP spoofing,
+ doable with tools like
+ Droid Sheep.
+
+ As client support can't be guessed, CryptCheck considers the weakest + suite supported server side. + This way, a connection to the scored service can't lead to a negociated + handshake with a worse score than the one given to the service, whatever + your client supports and whatever an attacker is present or not. +
+ +Score | ++ | Protection | +Weakness | +||||
---|---|---|---|---|---|---|---|
Best | +Great | +Good | + +Future | +Weak | +Deprecated | +||
<%= rank_label :'A+' %> | +
+ Seriously take security into account and invest a lot on it. + Whatever the cost, encryption safety is implemented. + You can be proud! + |
+ <%= image_tag 'check-full.svg' %> | +<%= image_tag 'check-full.svg' %> | +<%= image_tag 'check-full.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +
<%= rank_label :A %> | ++ Seriously take security into account and invest a lot on it. + | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-full.svg' %> | +<%= image_tag 'check-full.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +
<%= rank_label :'B+' %> | ++ Seriously take security into account and invest on it. + | ++ | <%= image_tag 'check-full.svg' %> | +<%= image_tag 'check-full.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +
<%= rank_label :B %> | ++ Take security into account and invest on it. + | ++ | <%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-full.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +
<%= rank_label :'C+' %> | ++ Take security into account and invest a little on it. + | ++ | + | <%= image_tag 'check-full.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +
<%= rank_label :C %> | ++ Take security into account but don't spend too much for it. + | ++ | + | <%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +
<%= rank_label :D %> | +
+ Take security into account. Minimaly. + This is the worst score a decent service must have today. + |
+ + | + | + | <%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +
<%= rank_label :E %> | ++ Take security into account. A little. Or not. + | ++ | + | + | <%= image_tag 'cross-red.svg' %> | +<%= image_tag 'check-empty.svg' %> | +<%= image_tag 'check-empty.svg' %> | +
<%= rank_label :F %> | ++ Just don't take security into account. + | ++ | + | + | + | <%= image_tag 'cross-red.svg' %> | +<%= image_tag 'check-empty.svg' %> | +
<%= rank_label :G %> | +
+ Just don't take security into account at all. + What the fuck you do, dude? + |
+ + | + | + | + | + | <%= image_tag 'cross-red.svg' %> | +
<%= rank_label :'0' %> | +
+ No security at all. Just plain text. + Seriously, in <%= Date.today.year %>? + |
+ + | |||||
<%= rank_label :V %> | ++ Invalid certificate (wrong domain, expired…) + | ++ | |||||
<%= rank_label :T %> | ++ Unstrusted certificate. Not issued by a trusted + certificate authority. + | ++ | |||||
<%= rank_label :X %> | ++ Error occurs during the analysis. Try again later? + | ++ |
+ For protection: + <%= image_tag 'check-full.svg' %> Fully implemented + <%= image_tag 'check-empty.svg' %> Partially implemented + + Good: simple to implement, small protection + Great: quiet hard to implement, middle protection + Best: hard to implement, strong protection + |
+
+ For weakness: + <%= image_tag 'check-empty.svg' %> Not vulnerable + <%= image_tag 'cross-red.svg' %> Vulnerable + + Future: known weakness, but no practical attack known + Weak: known weakness, pratical attack exist + Deprecated: known weakness, merely equivalent or equal to plain text + |
+
+ Note: Unlike HTTPS or XMPP, SMTP uses
+ opportunistic encryption.
+ When you send an email, the server used to forward the mail (the
+ MTA) to
+ the recipient has no way to guess in advance if recipient MTA supports or
+ not encryption and which cipher suite will be available.
+ To avoid your email returning to you in case of failure, the standard for
+ email encryption (RFC 3207)
+ requires to retry in plain text in case of encryption handshake
+ failure.
+ So, for SMTP, there is a compromise to make between strong configuration,
+ leading to plain text fallback for old or badly configured MTA, and
+ compatibility with such MTA to use weak encryption better than plain text
+ but allowing downgrade attack on stronger MTA.
+ Given email is a real nightmare for security, with multiple way to force a
+ connection to fallback to plain text
+ (STARTTLS stripping,
+ MX lying…),
+ CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about compatibility
+ trouble. This way, weak people are still weak, but strong people can (not
+ too much) hope strong encryption under normal condition.
+ Be advice than strong score here for SMTP means compatibility troubles.
+ Or fucked service which doesn't take care of your security.
+ I don't know, you turn to judge.
+
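Review bot: the premise in the second paragraph, "TLS handshake is not authenticated", is stated too strongly and should be reworded before this copy goes live: the Finished messages cover the whole handshake transcript, so an on-path attacker cannot silently swap the cipher suite between two correctly implemented peers; what the weakest-suite rule actually protects against is the server still offering a suite that a client (or a buggy fallback path) ends up negotiating. Something like "a weak suite the server still offers can be negotiated by any client that supports it, so CryptCheck scores the weakest suite offered" keeps the conclusion without the incorrect claim. On the same user-facing text, fix the spelling before merge: "negociated" (negotiated), "Minimaly" (Minimally), "Unstrusted" (Untrusted), "pratical" (practical), "quiet hard" (quite hard), "Be advice than" (Be advised that), and "gives note from" reads better as "gives a grade from". The G row ("What the fuck you do, dude?") and the SMTP note ("Or fucked service") are profanity on a public page; consider neutral wording such as "No security measures at all" and "or a service that does not care about your security".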
- Currently, CryptCheck gives note from <%= rank_label :G %> for the - worst sites to <%= rank_label :'A+' %> for the best ones. -
- -- Scoring is based on the fact that TLS handshake is not - authenticated, and so an attacker can force to use whatever - cipher he wants as soon as both client and server support it, - with a downgrade attack as simple as modify TCP packets on the - fly. -
- -
- Such downgrade attack doesn't require heavy resources and can be
- made with standard computer or phone.
- The only difficult part is to be in position to modify the
- traffic between the client and the server.
- This is the case if the attacker is connected on the same network
- as the client (hotspot, 3G…) with simple
- ARP spoofing,
- doable with tools like
- Droid Sheep.
-
- As client support can't be guessed, CryptCheck considers the - weakest suite supported server side. - This way, a connection to the scored service can't lead to a - negociated handshake with a worse score than the one given to - the service, whatever your client supports and whatever an - attacker is present or not. -
- -Score | -- | Protection | -Weakness | -||||
---|---|---|---|---|---|---|---|
Best | -Great | -Good | - -Future | -Weak | -Deprecated | -||
<%= rank_label :'A+' %> | -
- Seriously take security into account and invest a lot on it. - Whatever the cost, encryption safety is implemented. - You can be proud! - |
- <%= image_tag 'check-full.svg' %> | -<%= image_tag 'check-full.svg' %> | -<%= image_tag 'check-full.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -
<%= rank_label :A %> | -- Seriously take security into account and invest a lot on it. - | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-full.svg' %> | -<%= image_tag 'check-full.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -
<%= rank_label :'B+' %> | -- Seriously take security into account and invest on it. - | -- | <%= image_tag 'check-full.svg' %> | -<%= image_tag 'check-full.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -
<%= rank_label :B %> | -- Take security into account and invest on it. - | -- | <%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-full.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -
<%= rank_label :'C+' %> | -- Take security into account and invest a little on it. - | -- | - | <%= image_tag 'check-full.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -
<%= rank_label :C %> | -- Take security into account but don't spend too much for it. - | -- | - | <%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -
<%= rank_label :D %> | -
- Take security into account. Minimaly. - This is the worst score a decent service must have today. - |
- - | - | - | <%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -
<%= rank_label :E %> | -- Take security into account. A little. Or not. - | -- | - | - | <%= image_tag 'cross-red.svg' %> | -<%= image_tag 'check-empty.svg' %> | -<%= image_tag 'check-empty.svg' %> | -
<%= rank_label :F %> | -- Just don't take security into account. - | -- | - | - | - | <%= image_tag 'cross-red.svg' %> | -<%= image_tag 'check-empty.svg' %> | -
<%= rank_label :G %> | -
- Just don't take security into account at all. - What the fuck you do, dude? - |
- - | - | - | - | - | <%= image_tag 'cross-red.svg' %> | -
<%= rank_label :V %> | -- Invalid certificate (wrong domain, expired…) - | -- | |||||
<%= rank_label :T %> | -- Unstrusted certificate. Not issued by a trusted - certificate authority. - | -- |
- For protection: - <%= image_tag 'check-full.svg' %> Fully implemented - <%= image_tag 'check-empty.svg' %> Partially implemented - - Good: simple to implement, small protection - Great: quiet hard to implement, middle protection - Best: hard to implement, strong protection - |
-
- For weakness: - <%= image_tag 'check-empty.svg' %> Not vulnerable - <%= image_tag 'cross-red.svg' %> Vulnerable - - Future: known weakness, but no practical attack known - Weak: known weakness, pratical attack exist - Deprecated: known weakness, merely equivalent or equal to plain text - |
-
- Note: Unlike HTTPS or XMPP, SMTP uses
- opportunistic encryption.
- When you send an email, the server used to forward the mail
- (the MTA)
- to the recipient has no way to guess in advance if recipient MTA
- supports or not encryption and which cipher suite will be
- available.
- To avoid your email returning to you in case of failure, the
- standard for email encryption
- (RFC 3207)
- requires to retry in plain text in case of encryption
- handshake failure.
- So, for SMTP, there is a compromise to make between strong
- configuration, leading to plain text fallback for old or badly
- configured MTA, and compatibility with such MTA to use weak
- encryption better than plain text but allowing downgrade attack
- on stronger MTA.
- Given email is a real nightmare for security, with multiple way
- to force a connection to fallback to plain text
- (STARTTLS stripping,
- MX lying…),
- CryptCheck scores SMTP as HTTPS or XMPP and doesn't care about
- compatibility trouble. This way, weak people are still weak, but
- strong people can (not too much) hope strong encryption under
- normal condition.
- Be advice than strong score here for SMTP means compatibility
- troubles.
- Or fucked service which doesn't take care of your security.
- I don't know, you turn to judge.
-
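Review bot: this second hunk shows only deletions and no file header survives in this rendering, so the view that used to contain this markup is not identifiable here and there is no `+ <%= render 'site/scoring' %>` (or equivalent) line anywhere in the visible diff; confirm the calling page actually renders the new `_scoring.html.erb` partial, otherwise the scoring explanation disappears from the site. The removed block also differs from the new partial: the `:'0'` and `:X` rows exist only in the added file, so the commit message should say that the table was moved to a partial and that two grades (plain text, analysis error) were added, rather than reading as a pure extraction.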