<h1>Scoring</h1>
<p>
Currently, CryptCheck gives a grade from <%= rank_label :G %> for the
worst sites to <%= rank_label :'A+' %> for the best ones.
</p>
<p>
Scoring is based on the fact that the TLS handshake is <b>not</b> authenticated,
so an attacker can force the use of whatever cipher suite they want as soon as both
client and server support it, with a downgrade attack as simple as modifying
TCP packets on the fly.
</p>
<p>
Such a downgrade attack doesn't require heavy resources and can be carried out with
a standard computer or phone.<br/>
The only difficult part is being in a position to modify the traffic between
the client and the server.
This is the case if the attacker is connected to the same network as the
client (hotspot, 3G…), using simple
<a href="https://en.wikipedia.org/wiki/ARP_spoofing">ARP spoofing</a>,
doable with tools like
<a href="https://forum.xda-developers.com/showthread.php?t=1593990">Droid Sheep</a>.<br/>
</p>
<p>
As client support can't be guessed, CryptCheck considers the <b>weakest</b>
suite supported on the server side.
This way, a connection to the scored service can never end up with a negotiated
handshake that has a worse score than the one given to the service, whatever
your client supports and whether or not an attacker is present.
</p>
<table class="scoring table table-bordered table-condensed center table-striped">
<thead>
<tr>
<th rowspan="2">Score</th>
<td rowspan="2"></td>
<td colspan="3">Protection</td>
<td colspan="3">Weakness</td>
</tr>
<tr>
<td>Best</td>
<td>Great</td>
<td>Good</td>
<td>Future</td>
<td>Weak</td>
<td>Deprecated</td>
</tr>
</thead>
<tbody>
<tr>
<th><%= rank_label :'A+' %></th>
<td class="left">
Seriously takes security into account and invests a lot in it.<br/>
Whatever the cost, encryption safety is implemented.
You can be proud!
</td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :A %></th>
<td class="left">
Seriously takes security into account and invests a lot in it.
</td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'B+' %></th>
<td class="left">
Seriously takes security into account and invests in it.
</td>
<td></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :B %></th>
<td class="left">
Takes security into account and invests in it.
</td>
<td></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'C+' %></th>
<td class="left">
Takes security into account and invests a little in it.
</td>
<td></td>
<td></td>
<td><%= image_tag 'check-full.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :C %></th>
<td class="left">
Takes security into account but doesn't spend too much on it.
</td>
<td></td>
<td></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :D %></th>
<td class="left">
Takes security into account. Minimally.<br/>
This is the worst score a decent service should have today.
</td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :E %></th>
<td class="left">
Takes security into account. A little. Or not.
</td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'cross-red.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :F %></th>
<td class="left">
Just doesn't take security into account.
</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'cross-red.svg' %></td>
<td><%= image_tag 'check-empty.svg' %></td>
</tr>
<tr>
<th><%= rank_label :G %></th>
<td class="left">
Just doesn't take security into account at all.<br/>
What the fuck are you doing, dude?
</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td><%= image_tag 'cross-red.svg' %></td>
</tr>
<tr>
<th><%= rank_label :'0' %></th>
<td class="left">
No security at all. Just plain text.<br/>
Seriously, in <%= Date.today.year %>?
</td>
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :V %></th>
<td class="left">
Invalid certificate (wrong domain, expired…).
</td>
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :T %></th>
<td class="left">
Untrusted certificate. Not issued by a trusted
<a href="https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport">certificate authority</a>.
</td>
<td colspan="6"></td>
</tr>
<tr>
<th><%= rank_label :X %></th>
<td class="left">
An error occurred during the analysis. Try again later?
</td>
<td colspan="6"></td>
</tr>
</tbody>
</table>
<table class="scoring table table-bordered table-condensed">
<tr>
<td>
For protection:<br/>
<%= image_tag 'check-full.svg' %> Fully implemented
<%= image_tag 'check-empty.svg' %> Partially implemented<br/>
Good: simple to implement, small protection<br/>
Great: quite hard to implement, medium protection<br/>
Best: hard to implement, strong protection
</td>
<td>
For weakness:<br/>
<%= image_tag 'check-empty.svg' %> Not vulnerable
<%= image_tag 'cross-red.svg' %> Vulnerable<br/>
Future: known weakness, but no practical attack known<br/>
Weak: known weakness, practical attack exists<br/>
Deprecated: known weakness, nearly equivalent or equal to plain text
</td>
</tr>
</table>
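<p>
The "weakest supported suite" rule and the grade table above, turned into a decision function. This is an added example, not CryptCheck's own code: the suite names, their weakness classification and the <code>protection</code> hash are constructed assumptions for illustration.
</p>

```ruby
# Added example (not CryptCheck's code). Scores a service the way the table
# above describes: the WORST suite the server accepts decides the weakness
# column, and only a service with no weakness is graded on its protections.

# Constructed classification, for illustration only.
SUITE_WEAKNESS = {
  'TLS_AES_256_GCM_SHA384'      => :none,
  'ECDHE-RSA-AES128-GCM-SHA256' => :none,
  'ECDHE-RSA-AES128-SHA'        => :future,     # assumed: weakness known, no practical attack
  'DHE-RSA-DES-CBC3-SHA'        => :weak,       # assumed: practical attack exists
  'EXP-RC4-MD5'                 => :deprecated, # assumed: nearly equivalent to plain text
}.freeze

WEAKNESS_ORDER = { none: 0, future: 1, weak: 2, deprecated: 3 }.freeze

# The weakest level among all suites the server offers. An unknown suite is
# treated as the worst case, so a scan never grades better than it can prove.
def worst_weakness(suites)
  suites.map { |s| SUITE_WEAKNESS.fetch(s, :deprecated) }
        .max_by { |w| WEAKNESS_ORDER[w] }
end

# protection: { best: :full | :partial | nil, great: ..., good: ... }
# Returns the grade label from the table ('0' when no TLS suite is offered).
def grade(suites, protection)
  return '0' if suites.empty?

  # Weakness rows come first: a single bad suite outweighs any protection.
  case worst_weakness(suites)
  when :deprecated then return 'G'
  when :weak       then return 'F'
  when :future     then return 'E'
  end

  best, great, good = protection.values_at(:best, :great, :good)
  return 'A+' if best == :full    && great == :full    && good == :full
  return 'A'  if best == :partial && great == :full    && good == :full
  return 'B+' if great == :full   && good == :full
  return 'B'  if great == :partial && good == :full
  return 'C+' if good == :full
  return 'C'  if good == :partial
  'D'
end
```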
<p>
<i>Note</i>: Unlike HTTPS or XMPP, SMTP uses
<a href="https://en.wikipedia.org/wiki/Opportunistic_TLS">opportunistic encryption</a>.<br/>
When you send an email, the server that forwards the mail (the
<a href="https://en.wikipedia.org/wiki/Message_transfer_agent">MTA</a>) to
the recipient has no way to know in advance whether the recipient MTA supports
encryption at all, nor which cipher suites will be available.
To avoid your email bouncing back to you in case of failure, the standard for
email encryption (<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>)
requires retrying <b>in plain text</b> when the encryption handshake
fails.<br/>
So, for SMTP, there is a compromise to make between a strong configuration,
which leads to plain text fallback with old or badly configured MTAs, and
compatibility with such MTAs, using weak encryption that is better than plain text
but allows downgrade attacks against stronger MTAs.<br/>
Given that email is a real nightmare for security, with multiple ways to force a
connection to fall back to plain text
(<a href="https://www.eff.org/fr/deeplinks/2014/11/starttls-downgrade-attacks">STARTTLS stripping</a>,
<a href="https://labs.ripe.net/Members/stephane_bortzmeyer/dns-censorship-dns-lies-seen-by-atlas-probes">MX lying</a>…),
CryptCheck scores SMTP like HTTPS or XMPP and doesn't care about compatibility
trouble. This way, weak people are still weak, but strong people can (not
too much) hope for strong encryption under normal conditions.<br/>
Be advised that a strong score here for SMTP means compatibility troubles.
Or a fucked service which doesn't take care of your security.
I don't know, it's your turn to judge.
</p>