Browse Source

Help & about

new-scoring
aeris 1 year ago
parent
commit
aa5743577d

app/assets/images/donate.svg → app/assets/images/liberapay.svg View File


+ 11
- 2
app/assets/stylesheets/application.scss.erb View File

@@ -27,8 +27,17 @@
box-sizing: border-box;
}

$navbar-offset: $navbar-height + 10px;
body {
padding-top: $navbar-height + 10px;
padding-top: $navbar-offset;
}

:target:before {
display: block;
content: " ";
margin-top: -$navbar-offset;
height: $navbar-offset;
visibility: hidden;
}

.label-error, .progress-bar-error {
@@ -40,7 +49,7 @@ body {
}

table.center {
td, th {
td {
text-align: center;

&.left {

+ 4
- 0
app/assets/stylesheets/site.scss.erb View File

@@ -1,10 +1,14 @@
#about, #help {
margin-bottom: 20px;
}

#about, #help .scoring {
p {
font-size: 1.25em;
}
}


#donorbox {
background: #2d81c5 url(<%= image_path 'donorbox.png' %>) no-repeat 18px center;
color: #fff;

+ 1
- 1
app/helpers/check_helper.rb View File

@@ -54,7 +54,7 @@ module CheckHelper
end

def rank_label(rank)
l = %i(V T).include? rank
l = %i(0 V T X).include? rank
label rank, rank_color(rank), !l
end


+ 8
- 0
app/helpers/site_helper.rb View File

@@ -1,3 +1,11 @@
module SiteHelper
include CheckHelper

def rfc_link_to(rfc)
link_to "RFC #{rfc}", "https://tools.ietf.org/html/rfc#{rfc}", target: :_blank
end

def wikipedia_link_to(content, page)
link_to content, "https://en.wikipedia.org/wiki/#{page}", target: :_blank
end
end

+ 301
- 0
app/views/site/_checks.html.erb View File

@@ -0,0 +1,301 @@
<h1>Checks</h1>
<h2>Protection</h2>
<h3>Hard protection</h3>

<p>
Such protection are hard or risky to deploy but give strong protection
against attack.<br/>
Deploying such protection can just break your service for a long time if you
don't understand what you are doing.<br/>
Service using such protection really tries to protect you and really know
what security is.
</p>
<hr/>

<h4 id="hpkp">
<%= rank_label :A %>
HTTP Public Key Pinning (HPKP)
<span class="small">HTTPS only, incoming feature</span>
</h4>

<p>
HPKP protection, specified in <%= rfc_link_to 7469 %>, consists of putting
headers on HTTP response to specify which keys or certificats are allowe
for the encryption.
If pinning mismatches, for example because of a
<%= wikipedia_link_to 'man-in-the-middle attack', 'Man-in-the-middle_attack' %>
connection is rejected and no data at all is transfered.
</p>

<pre>
<code>
$ curl -sI https://cryptcheck.fr/ | grep public-key-pins
public-key-pins: report-uri="https://aeris.report-uri.io/r/default/hpkp/enforce"; max-age=5184000;
pin-sha256="wdkD38iQQzxE7g0RpmN8VoaIqX7YmPWwoueD9Iqawfg="; pin-sha256="EswdUzfH2N8sx6Nb4Vr9gamtNF5VWQxLWUG0gDIPVLw=";
</code>
</pre>

<p>
HPKP is difficult to deploy because has a redemption period of some days
(maximum allowed: 60). During this time, in case of misconfiguration,
returning visitors will faced a TLS error page, even if the configuration
was fixed.
</p>

<hr/>

<h3>Medium protection</h3>

<p>
Such protection is not so easy to deploy and can have hazardous side effects,
but provides quiet good protection against some attacks.<br/>
Broken service is unexpected or could be fixed in a small time range.<br/>
Using such protection is a clear sign the service try to protect you.
</p>

<hr/>

<h4 id="hsts">
<%= rank_label :A %>&nbsp;<%= rank_label :B %>
HTTP Strict Transport Security (HSTS)
<span class="small">HTTPS only</span>
</h4>

<p>
HSTS protection, specified in <%= rfc_link_to 6797 %>, consists of putting
headers on HTTP response to specify the service supports HTTPS.<br/>
After the first connection (HSTS is
"<%= wikipedia_link_to 'Trust On First Use', 'Trust_on_first_use' %>" (TOFU)),
the browser automatically rewrite <code>http://</code> address to
<code>https://</code>, avoiding a plain request (with potential data leak)
to be asked by the service to redirect to the <code>https://</code> address.
</p>

<pre>
<code>
curl -sI https://cryptcheck.fr/ | grep strict-transport-security
strict-transport-security: max-age=31536000; includeSubDomains; preload;
</code>
</pre>

<p>
To have full score on HSTS, you need to have a long <code>max-age</code>
period, at least 1 year (<code>31536000</code> seconds).<br/>
If you correctly configure your service with HSTS, you can also ask for
<a href="https://hstspreload.org/" target="_blank">browser preloading</a>,
avoiding the trouble of the first connection.
</p>

<hr/>

<h3>Easy protection</h3>

<p>
Such protection is easy to deploy and without .<br/>
Broken service is unexpected or could be fixed in a small time range.<br/>
Using such protection is a clear sign the service try to protect you.
</p>

<hr/>

<h4 id="aead">
<%= rank_label :C %>
Authentificated Encryption with Authenticated Data (AEAD)
</h4>

<p>
Since 2014, TLS (and SSL) suffers of
<a href="https://www.imperialviolet.org/2014/12/08/poodleagain.html" target="_blank">PODDLE</a>
vulnerability on the way padding is done during TLS handshake.
An attacker can play with this encrypted padding to guess underlying plain
data.<br/>

Any <%= wikipedia_link_to 'cipher mode operation', 'Block_cipher_mode_of_operation' %>
other than <%= wikipedia_link_to 'AEAD', 'Authenticated_encryption' %> is
vulnerable to this attack.
</p>

<p>
In practice, POODLE is a serious flaw for SSLv2/v3, which must be avoided
in all cases, but also for TLSv1.0/1.1.<br/>
Service operators must support AEAD cipher suite as soon as possible, to
avoid trouble when practical attack will be found on POODLE on TLS.<br/>
Such cipher suite is only available on TLSv1.2, so operators must disable
TLSv1.0 now, and TLSv1.1 as soon as possible.
</p>

<hr/>

<h4 id="scsv">
<%= rank_label :C %>
TLS Fallback Signaling Cipher Suite Value (SCSV)
</h4>

<p>
SCSV, specify in <%= rfc_link_to 7507 %> is a TLS extension to allow a
client to signal to the server a previous hanshake attempt with higher TLS
version was done, but unsuccessfully.<br/>
This way, the server can detect a downgrade attack on the line, because
supporting better than the current TLS version.<br/>
Without this signaling value, the server has no way to distinguish between
a client supporting TLSv1.2 but downgraded to TLSv1.1 and a client TLSv1.1
only.<br/>
For example, this feature allows blocking of downgrade attack from TLSv1.2
(AEAD & PFS) to TLSv1.0 (nor AEAD nor PFS) to exploit POODLE vulnerability
more easily.
</p>

<p>
To activate SCSV, you just need a decent OpenSSL version (1.0.1j+).
LibreSSL currently doesn't have support for this.
</p>

<hr/>

<h2>Weaknesses</h2>
<h3>Future weakness</h3>

<p>
This kind of weakness is theorical vulnerability but without practical
attack or with too much side effects to be able to patch it.
</p>

<hr/>

<h3>Current weakness</h3>

<p>
Such weakness knows practical attacks to break encryption.
Using such features is hightly discourage, and operators must take quick
actions to remove them.
</p>

<hr/>

<h4 id="tlsv1.0">
<%= rank_label :F %>
TLSv1.0
</h4>

<p>
TLSv1.0 is vulnerable to
</p>

<hr/>

<!--
<h4 id="pfs">
<%= rank_label :F %>
Perfect Forward Secrecy (PFS)
</h4>

<p>
<%= wikipedia_link_to 'PFS', 'Forward_secrecy' %> is
</p>

<hr/>
-->

<h3>Deprecated feature</h3>

<hr/>

<h4 id="ssl">
<%= rank_label :G %>
SSLv2, SSLv3
</h4>

<p>
SSLv2 and SSLv3 are deprecated SSL protocol version.<br/>
Pratical attacks exist to decrypt SSL encrypted traffic to plain text in
some minutes with standard computer.
For SSLv3, it's
<a href="https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html" target="_blank">POODLE</a>
again.
For SSLv2, it's was supposed to never be in production because too bad and
broken cryptography under the hood.
<a href="https://drownattack.com/" target="_blank">DROWN</a> vulnerability
allows an attacker to decrypt encrypted traffic (even TLSv1.2!) as soon as
one of the servers used for the service supports SSLv2 with the same key.
</p>

<hr/>

<!--
<h4 id="rc4">
<%= rank_label :G %>
RC4
</h4>

<p>
<%= wikipedia_link_to 'RC4', 'RC4' %> is a stream cipher, recently known to
have
</p>

<hr/>
-->

<h4 id="sha1">
<%= rank_label :E %>&nbsp;<%= rank_label :G %>
SHA-1
<span class="small">incoming feature for HMAC</span>
</h4>

<p>
<%= wikipedia_link_to 'SHA-1', 'SHA-1' %> is a cryptographic hash function
used in TLS cipher suite.
<a href="https://shattered.io/" target="_blank">It was broken</a> in 2016.
</p>

<p>
SHA-1 is used in two parts of the handshake.<br/>
For <%= wikipedia_link_to 'HMAC', 'Hash-based_message_authentication_code' %>,
which protect each messages exchanged during handshake. Because lifetime of
such HMAC is very short (TCP/IP round trip), SHA-1 collision is not a real
trouble on this part.<br/>
For key exchange and authentication. Each certificate is signed by the issuer
certificate using a digest.
In this case, if SHA-1 digest is used and because certificate lifetime is
long (years to decades), collision on digest could allow an attacker to
forge a rogue certificate which match the real certificate digest, and so
to impersonate the TLS service behind.
</p>

<p>
SHA-1 signed certificates must be banned.<br/>
SHA-1 HMAC is currently quite safe, but operators must take action to ensure
SHA-2 compatibility with clients in case if SHA-1 must be revoked even for
HMAC.
</p>

<hr/>

<h4 id="digest">
<%= rank_label :G %>
MD-5, MD-4, MD-2, MDC-2
</h4>

<p>
MD-5, MD-4, MD-2 and MDC-2 are completely broken hash function.
Just don't use it.
</p>

<h4 id="compression">
<%= rank_label :G %>
Compression
<span class="small">incoming feature</span>
</h4>

<p>
With TLS compression activated, some oracle attacks allow to decrypt the
content.
For example the
<a href="https://arstechnica.com/information-technology/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/" target="_blank">BREACH</a>
or
<a href="https://threatpost.com/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312/77006/" target="_blank">CRIME</a>
attacks.
</p>

<p>
TLS compression must be disabled on the service.
</p>

+ 33
- 34
app/views/site/_scoring.html.erb View File

@@ -19,8 +19,8 @@
the client and the server.
This is the case if the attacker is connected on the same network as the
client (hotspot, 3G…) with simple
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>,
doable with tools like
<%= wikipedia_link_to 'ARP spoofing', 'ARP_spoofing' %>, doable with tools
like
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/>
</p>

@@ -37,22 +37,22 @@
<tr>
<th rowspan="2">Score</th>
<td rowspan="2"></td>
<td colspan="3">Protection</td>
<td colspan="3">Weakness</td>
<th colspan="3">Protection</th>
<th colspan="3">Weakness</th>
</tr>
<tr>
<td>Best</td>
<td>Great</td>
<td>Good</td>
<th>Hard</th>
<th>Medium</th>
<th>Easy</th>

<td>Future</td>
<td>Weak</td>
<td>Deprecated</td>
<th>Future</th>
<th>Weak</th>
<th>Deprecated</th>
</tr>
</thead>
<tbody>
<tr>
<th><%= rank_label :'A+' %></th>
<td><%= rank_label :'A+' %></td>
<td class="left">
Seriously take security into account and invest a lot on it.<br/>
Whatever the cost, encryption safety is implemented.
@@ -66,7 +66,7 @@
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :A %></th>
<td><%= rank_label :A %></td>
<td class="left">
Seriously take security into account and invest a lot on it.
</td>
@@ -78,7 +78,7 @@
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'B+' %></th>
<td><%= rank_label :'B+' %></td>
<td class="left">
Seriously take security into account and invest on it.
</td>
@@ -90,7 +90,7 @@
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :B %></th>
<td><%= rank_label :B %></td>
<td class="left">
Take security into account and invest on it.
</td>
@@ -102,7 +102,7 @@
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'C+' %></th>
<td><%= rank_label :'C+' %></td>
<td class="left">
Take security into account and invest a little on it.
</td>
@@ -114,7 +114,7 @@
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :C %></th>
<td><%= rank_label :C %></td>
<td class="left">
Take security into account but don't spend too much for it.
</td>
@@ -126,7 +126,7 @@
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :D %></th>
<td><%= rank_label :D %></td>
<td class="left">
Take security into account. Minimaly.<br/>
This is the worst score a decent service must have today.
@@ -139,7 +139,7 @@
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :E %></th>
<td><%= rank_label :E %></td>
<td class="left">
Take security into account. A little. Or not.
</td>
@@ -151,7 +151,7 @@
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :F %></th>
<td><%= rank_label :F %></td>
<td class="left">
Just don't take security into account.
</td>
@@ -163,7 +163,7 @@
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :G %></th>
<td><%= rank_label :G %></td>
<td class="left">
Just don't take security into account at all.<br/>
What the fuck you do, dude?
@@ -176,7 +176,7 @@
<td><%= image_tag 'cross-red.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'0' %></th>
<td><%= rank_label :'0' %></td>
<td class="left">
No security at all. Just plain text.<br/>
Seriously, in <%= Date.today.year %>?
@@ -184,14 +184,14 @@
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :V %></th>
<td><%= rank_label :V %></td>
<td class="left">
Invalid certificate (wrong domain, expired…)
</td>
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :T %></th>
<td><%= rank_label :T %></td>
<td class="left">
Unstrusted certificate. Not issued by a trusted
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>.
@@ -199,7 +199,7 @@
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :X %></th>
<td><%= rank_label :X %></td>
<td class="left">
Error occurs during the analysis. Try again later?
</td>
@@ -214,9 +214,9 @@
<%= image_tag 'check-full.svg' %> Fully implemented
<%= image_tag 'check-empty.svg' %> Partially implemented<br/>

Good: simple to implement, small protection<br/>
Great: quiet hard to implement, middle protection<br/>
Best: hard to implement, strong protection
Easy: simple to implement, small protection<br/>
Medium: quiet hard to implement, middle protection<br/>
Hard: hard to implement, strong protection
</td>
<td>
For weakness:<br/>
@@ -232,15 +232,14 @@

<p>
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/>
<%= wikipedia_link_to 'opportunistic encryption', 'Opportunistic_TLS' %>.<br/>
When you send an email, the server used to forward the mail (the
<a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>) to
the recipient has no way to guess in advance if recipient MTA supports or
not encryption and which cipher suite will be available.
<%= wikipedia_link_to 'MTA', 'Message_transfer_agent' %> to the recipient
has no way to guess in advance if recipient MTA supports or not encryption
and which cipher suite will be available.
To avoid your email returning to you in case of failure, the standard for
email encryption (<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>)
requires to retry <b>in plain text</b> in case of encryption handshake
failure.<br/>
email encryption (<%= rfc_link_to 3207 %>) requires to retry
<b>in plain text</b> in case of encryption handshake failure.<br/>
So, for SMTP, there is a compromise to make between strong configuration,
leading to plain text fallback for old or badly configured MTA, and
compatibility with such MTA to use weak encryption better than plain text

+ 2
- 4
app/views/site/about.html.erb View File

@@ -69,13 +69,11 @@

<p id="contribute">
Bitcoin <a href="bitcoin:1aerisnnLWPchhDSXpxWGYWwLiSFUVFnd?label=cryptcheck">1aerisnnLWPchhDSXpxWGYWwLiSFUVFnd</a><br/>
<a id="bitcoin" href="bitcoin:1aerisnnLWPchhDSXpxWGYWwLiSFUVFnd?label=cryptcheck">
<%= image_tag 'bitcoin.png', alt: 'Donate using Bitcoin' %>
</a>
<a id="bitcoin" href="bitcoin:1aerisnnLWPchhDSXpxWGYWwLiSFUVFnd?label=cryptcheck"><%= image_tag 'bitcoin.png', alt: 'Donate using Bitcoin' %></a>
<br/>

Liberapay, for recurring donation, require a account (but respect your privacy)<br/>
<a id="liberapay" href="https://liberapay.com/aeris/donate" target="_blank"><%= image_tag 'donate.svg', alt: 'Donate using Liberapay' %></a>
<a id="liberapay" href="https://liberapay.com/aeris/donate" target="_blank"><%= image_tag 'liberapay.svg', alt: 'Donate using Liberapay' %></a>
<br/>

Donorbox, for recurring and one-shot donation, doesn't require an account<br/>

+ 6
- 1
app/views/site/help.html.erb View File

@@ -1,7 +1,12 @@
<div id="help" class="container">
<div class="row">
<div class="scoring row">
<div class="col-sm-12">
<%= render partial: 'scoring' %>
</div>
</div>
<div class="checks row">
<div class="col-sm-12">
<%= render partial: 'checks' %>
</div>
</div>
</div>

Loading…
Cancel
Save