
help.html.erb 8.7KB

<div id="help" class="container">
  <div class="row">
    <div class="col-sm-12">
      <h1>Scoring</h1>
      <p>
        Currently, CryptCheck gives a grade from <%= rank_label :G %> for the
        worst sites to <%= rank_label :'A+' %> for the best ones.
      </p>
      <p>
        Scoring is based on the fact that the cipher suite negotiation is only
        as strong as the <b>weakest</b> suite both client and server accept.
        The TLS handshake transcript is integrity-checked by the Finished
        messages, but that check is computed with the keys of the suite that
        was negotiated: an attacker who can break the weakest suite supported
        on both sides, or who can exploit a protocol version fallback done by
        the client, can force that suite and forge the check (Logjam forced
        512-bit export Diffie-Hellman this way, and POODLE relied on the
        version fallback browsers implemented). Such a downgrade attack can be
        as simple as modifying TCP packets on the fly.
      </p>
      <p>
        Such a downgrade attack doesn't require heavy resources and can be
        carried out with a standard computer or phone.<br/>
        The only difficult part is to be in a position to modify the
        traffic between the client and the server.
        This is the case if the attacker is connected to the same network
        as the client (hotspot, 3G…), with simple
        <a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>,
        doable with tools like
        <a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/>
      </p>
      <p>
        As client support can't be guessed, CryptCheck considers the
        <b>weakest</b> suite supported server side.
        This way, a connection to the scored service can't lead to a
        negotiated handshake with a worse score than the one given to
        the service, whatever your client supports and whether an
        attacker is present or not.
      </p>
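The following Ruby is an added illustration of the "weakest suite decides" rule explained above; it is not CryptCheck's own scoring code. The suite names are real OpenSSL names, but the category assigned to each one here is an assumption made for the example, and only the weakness side of the table (Future/Weak/Deprecated, grades E/F/G) is modelled, because this page does not define which features the Good/Great/Best protection columns stand for. The last function checks the property the paragraph relies on: whatever a client offers, the suite an attacker can force is never worse than the weakest suite the server accepts.

```ruby
# Added example: models the "weakest suite supported server side" rule.
# Not CryptCheck's code; categories below are assumed for illustration.

# Weakness categories from the help table, worst first.
WEAKNESS_RANK = {
  deprecated: 3,  # merely equivalent to plain text
  weak:       2,  # practical attack exists
  future:     1,  # known weakness, no practical attack yet
  fine:       0   # no known weakness (assumed name for "not vulnerable")
}.freeze

# Constructed sample classification (assumed, not CryptCheck's database).
SUITE_CATEGORY = {
  'TLS_AES_256_GCM_SHA384'      => :fine,
  'ECDHE-RSA-AES128-GCM-SHA256' => :fine,
  'ECDHE-RSA-AES128-SHA'        => :future,     # CBC with SHA-1 MAC
  'AES128-SHA'                  => :future,     # no forward secrecy
  'DHE-RSA-DES-CBC3-SHA'        => :weak,       # 3DES
  'RC4-SHA'                     => :weak,
  'EXP-RC4-MD5'                 => :deprecated, # export grade
  'NULL-SHA'                    => :deprecated  # no encryption at all
}.freeze

def category_of(suite)
  SUITE_CATEGORY.fetch(suite) { raise ArgumentError, "unknown suite #{suite}" }
end

# Grades this example can produce, worst to best. D is the ceiling here:
# going higher needs the protection columns, which are not modelled.
GRADES = %w[G F E D].freeze

# The weakest accepted suite decides. Returns [grade, offending_suite].
def grade_for(suites)
  raise ArgumentError, 'no suites' if suites.empty?
  worst = suites.max_by { |s| WEAKNESS_RANK[category_of(s)] }
  grade = case category_of(worst)
          when :deprecated then 'G'
          when :weak       then 'F'
          when :future     then 'E'
          else                  'D'
          end
  [grade, worst]
end

# What a man-in-the-middle can force: any suite both sides support.
def attacker_choices(client_suites, server_suites)
  client_suites & server_suites
end

# Property the scoring relies on: the grade of what an attacker can force
# is never worse than the grade given to the server as a whole.
def downgrade_cannot_undercut?(client_suites, server_suites)
  common = attacker_choices(client_suites, server_suites)
  return true if common.empty? # no handshake at all, nothing to downgrade
  GRADES.index(grade_for(common).first) >= GRADES.index(grade_for(server_suites).first)
end

if __FILE__ == $PROGRAM_NAME
  server = ['ECDHE-RSA-AES128-GCM-SHA256', 'AES128-SHA', 'RC4-SHA']
  client = ['TLS_AES_256_GCM_SHA384', 'ECDHE-RSA-AES128-GCM-SHA256', 'RC4-SHA']
  p grade_for(server)                          # => ["F", "RC4-SHA"]
  p downgrade_cannot_undercut?(client, server) # => true
end
```

A server that keeps RC4 "for old clients" is graded F even though a modern client would normally negotiate AES-GCM with it, which is exactly the point: the attacker, not the client, picks from the intersection.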
      <table class="scoring table table-bordered table-condensed center table-striped">
        <thead>
          <tr>
            <th rowspan="2">Score</th>
            <td rowspan="2"></td>
            <td colspan="3">Protection</td>
            <td colspan="3">Weakness</td>
          </tr>
          <tr>
            <td>Best</td>
            <td>Great</td>
            <td>Good</td>
            <td>Future</td>
            <td>Weak</td>
            <td>Deprecated</td>
          </tr>
        </thead>
        <tbody>
          <tr>
            <th><%= rank_label :'A+' %></th>
            <td class="left">
              Takes security seriously and invests a lot in it.<br/>
              Whatever the cost, encryption safety is implemented.
              You can be proud!
            </td>
            <td><%= image_tag 'check-full.svg' %></td>
            <td><%= image_tag 'check-full.svg' %></td>
            <td><%= image_tag 'check-full.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :A %></th>
            <td class="left">
              Takes security seriously and invests a lot in it.
            </td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-full.svg' %></td>
            <td><%= image_tag 'check-full.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :'B+' %></th>
            <td class="left">
              Takes security seriously and invests in it.
            </td>
            <td></td>
            <td><%= image_tag 'check-full.svg' %></td>
            <td><%= image_tag 'check-full.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :B %></th>
            <td class="left">
              Takes security into account and invests in it.
            </td>
            <td></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-full.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :'C+' %></th>
            <td class="left">
              Takes security into account and invests a little in it.
            </td>
            <td></td>
            <td></td>
            <td><%= image_tag 'check-full.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :C %></th>
            <td class="left">
              Takes security into account but doesn't spend too much on it.
            </td>
            <td></td>
            <td></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :D %></th>
            <td class="left">
              Takes security into account. Minimally.<br/>
              This is the lowest score a decent service should have today.
            </td>
            <td></td>
            <td></td>
            <td></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :E %></th>
            <td class="left">
              Takes security into account. A little. Or not.
            </td>
            <td></td>
            <td></td>
            <td></td>
            <td><%= image_tag 'cross-red.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :F %></th>
            <td class="left">
              Just doesn't take security into account.
            </td>
            <td></td>
            <td></td>
            <td></td>
            <td></td>
            <td><%= image_tag 'cross-red.svg' %></td>
            <td><%= image_tag 'check-empty.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :G %></th>
            <td class="left">
              Just doesn't take security into account at all.<br/>
              What the fuck are you doing, dude?
            </td>
            <td></td>
            <td></td>
            <td></td>
            <td></td>
            <td></td>
            <td><%= image_tag 'cross-red.svg' %></td>
          </tr>
          <tr>
            <th><%= rank_label :V %></th>
            <td class="left">
              Invalid certificate (wrong domain, expired…)
            </td>
            <td colspan="6"></td>
          </tr>
          <tr>
            <th><%= rank_label :T %></th>
            <td class="left">
              Untrusted certificate. Not issued by a trusted
              <a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>.
            </td>
            <td colspan="6"></td>
          </tr>
        </tbody>
      </table>
      <table class="scoring table table-bordered table-condensed">
        <tr>
          <td>
            For protection:<br/>
            <%= image_tag 'check-full.svg' %> Fully implemented
            <%= image_tag 'check-empty.svg' %> Partially implemented<br/>
            Good: simple to implement, limited protection<br/>
            Great: quite hard to implement, medium protection<br/>
            Best: hard to implement, strong protection
          </td>
          <td>
            For weakness:<br/>
            <%= image_tag 'check-empty.svg' %> Not vulnerable
            <%= image_tag 'cross-red.svg' %> Vulnerable<br/>
            Future: known weakness, but no practical attack known<br/>
            Weak: known weakness, practical attack exists<br/>
            Deprecated: known weakness, merely equivalent or equal to plain text
          </td>
        </tr>
      </table>
      <p>
        <i>Note</i>: Unlike HTTPS or XMPP, SMTP uses
        <a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/>
        When you send an email, the server used to forward the mail
        (the <a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>)
        to the recipient has no way to know in advance whether the recipient
        MTA supports encryption, nor which cipher suites will be
        available.
        To avoid your email bouncing back to you, the standard for email
        encryption
        (<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>)
        forbids a publicly referenced MTA from requiring STARTTLS, and an
        MTA doing opportunistic TLS therefore retries <b>in plain text</b>
        when the encryption handshake fails.<br/>
        So, for SMTP, there is a compromise to make between a strong
        configuration, leading to plain text fallback for old or badly
        configured MTAs, and compatibility with such MTAs, using weak
        encryption that is better than plain text but allows downgrade
        attacks against stronger MTAs.<br/>
        Given that email is a real nightmare for security, with multiple ways
        to force a connection to fall back to plain text
        (<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>,
        <a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…),
        CryptCheck scores SMTP the same way as HTTPS or XMPP and doesn't care
        about compatibility trouble. This way, weak people are still weak, but
        strong people can (not too much) hope for strong encryption under
        normal conditions.<br/>
        Be advised that a strong score here for SMTP means compatibility
        troubles.
        Or a fucked service which doesn't take care of your security.
        I don't know, it's your turn to judge.
      </p>
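As an added example (not CryptCheck's code, nor a real MTA), the Ruby below plays out the STARTTLS dialogue the note describes and the two ways it ends in plain text: a man in the middle stripping the <code>250-STARTTLS</code> capability from the EHLO reply, and a failed TLS handshake followed by a plain-text retry. The server replies are constructed strings shaped like RFC 5321/3207 responses, no real TLS is performed, and the policy names <code>:may</code> (opportunistic) and <code>:encrypt</code> (mandatory) are assumed names for this example.

```ruby
# Added example: opportunistic STARTTLS versus a stripping attacker.
# Not CryptCheck's code; the fake MX and proxy are constructed for illustration.

# A minimal fake receiving MX: answers EHLO with its capabilities.
class FakeMx
  def initialize(starttls: true, handshake_ok: true)
    @starttls = starttls         # does the MX advertise STARTTLS at all?
    @handshake_ok = handshake_ok # would the TLS handshake succeed (common suite, valid cert...)?
  end

  def ehlo(domain)
    caps = ["250-mx.example.net Hello #{domain}", '250-SIZE 35882577']
    caps << '250-STARTTLS' if @starttls
    caps << '250 8BITMIME' # last line uses "250 " (space), per RFC 5321
    caps
  end

  def starttls
    @starttls ? '220 2.0.0 Ready to start TLS' : '454 4.7.0 TLS not available due to temporary reason'
  end

  # Simulated TLS handshake: true on success, false on failure.
  def handshake
    @handshake_ok
  end
end

# Active attacker between the MTAs: rewrites the EHLO reply so the sender
# never sees STARTTLS, and refuses the command if the sender tries anyway.
class StripProxy
  def initialize(mx)
    @mx = mx
  end

  def ehlo(domain)
    @mx.ehlo(domain).reject { |line| line == '250-STARTTLS' }
  end

  def starttls
    '454 4.7.0 TLS not available due to temporary reason'
  end

  def handshake
    false
  end
end

# The sending MTA. Returns how the message ends up being delivered:
#   :may     -> opportunistic: TLS if advertised and working, else plain text
#   :encrypt -> mandatory: never fall back, defer the mail instead
def deliver(server, policy:, helo: 'sender.example.org')
  caps = server.ehlo(helo)
  advertised = caps.include?('250-STARTTLS')

  # STARTTLS stripped or genuinely absent: the sender cannot tell the difference.
  return(policy == :encrypt ? :deferred : :plain_text) unless advertised

  reply = server.starttls
  return :encrypted if reply.start_with?('220') && server.handshake

  # STARTTLS refused or handshake failed (e.g. no cipher suite in common):
  # an opportunistic MTA retries without TLS so the mail is not bounced.
  policy == :encrypt ? :deferred : :plain_text
end

if __FILE__ == $PROGRAM_NAME
  honest = FakeMx.new
  p deliver(honest, policy: :may)                           # => :encrypted
  p deliver(StripProxy.new(honest), policy: :may)           # => :plain_text (stripping works)
  p deliver(StripProxy.new(honest), policy: :encrypt)       # => :deferred   (mandatory TLS resists)
  p deliver(FakeMx.new(handshake_ok: false), policy: :may)  # => :plain_text (strong vs weak MTA)
end
```

The fourth case is the compromise the note talks about: a sender with a strict suite list talking to an MX that only offers weak suites fails the handshake and, under the opportunistic policy, ends up sending in clear, which is why a strong SMTP score on CryptCheck comes with compatibility trouble.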
    </div>
  </div>
</div>