Thursday, October 2, 2014

Reading between the lines

Most people never need to mess-around with cipher suites, but if you do, it can be quite confusing to figure out their cryptic names. For example, what’s the difference between TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_256_GCM_SHA384 or what is the difference between the 1st, 2nd and 3rd “256” in TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256_P256?
If you ever wondered what this all means, I got the answers!
The Cipher Suite name is comprised of the following pieces (some suites have less pieces):
1)      The protocol
2)      The Key Exchange
3)      The Digital Signature
4)      The Encryption (Cipher)
5)      The encryption key length
6)      The encryption mode
7)      The Hashing algorithm
8)      The Elliptic Curve size
Let’s review what they mean, and what possible values you could find.
The protocol is the most important value, and it can have two possible values – SSL and TLS. SSL is a family of older protocols starting from SSL 1 and going up to SSL 3. While most computer still support it, even the latest one (3) has significant vulnerabilities, so it’s rarely used anymore and many server explicitly de-prioritize or disable it. The TLS family of protocols has 3 members – 1.0, 1.1 and 1.2 and like anything else, most people (and the servers they configure) prefer the latest member. At this time, 1.2 is the latest, and version 1.3 has had its draft published a few months ago. We can expect to start seeing it in public use within a year or two. Cipher suites don’t actually list the version of the protocol and just state TLS or SSL, with the version number being suggested by the client to the server separately.
Key Exchange
The key exchange algorithm controls how the client gives the server the symmetric key that will be used for the session. The common key exchange families are RSA and DH (Diffie-Helman). DH has several variations like ECDH (Elliptic-Curve DH), DHE (DH Ephemeral) and ECDHE (both Elliptic-curve and Ephemeral). Windows Servers usually prefer Diffie-Helman’s exchanges, and the typical priority list for cipher suits will list them almost exclusively.
Digital Signature
The Digital Signature makes sure that the data exchanged between client and server is protected from forgery or alteration. The common algorithms are RSA, ECDSA and DSS. Several cipher suites use RSA for both Key Exchange AND Digital Signature, and so their name would list RSA only once. For example:
Encryption (Cipher) and key length
The Encryption algorithm is about how the data actually gets scrambled, and is always paired with a key length between 128 and 256 bit. AES is pretty much ubiquitous these days, though RC4 was in use for many years and still shows up not-and-then. You can sometimes see 3DES (a.k.a. “Triple-DES”), and when using non-windows platforms, occasionally others. A key length of 256 bit might seem low when comparing it to the 1024 bits (or more) used in generating digital certificates, but in reality, symmetric encryption is stronger and thus a 1024 bit key for a certificate (asymmetric encryption) is equivalent to a 80 bit key for symmetric encryption. That means that a 128 bit key is pretty darn good, and a 256 bit key is terrific…we are many decades away from anyone (even the NSA or quantum computers) having the ability to brute-force his way through a 256 bit symmetric key. Since 256 is still much stronger than 128, the default cipher priority order on any computer favors 256 over lower lengths.
Encryption mode
The encryption mode is actually an extension, so it’s optional and not all suites specify one. For example, RC4 doesn’t offer advanced encryption modes and therefore none are listed. AES does, and so the default list of suites includes CBC and GCM as the primary modes, and using GCM offers better security as it implements several technologies to protect message integrity (so does CBC, but GCM is better)
Hashing algorithm
Hashing benefits security by preventing tampering with the encrypted data. Changing the data invalidates the data’s hash, thus alerting the recipient that the data has been tampered with. SHA (Secure Hash Algorithm) is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS). The number following SHA is the Output size in bits. The bigger the hash, the harder it is to brute-force, hence it’s more secure and preferred.
Elliptic Curve size
Some Key Exchange algorithms use Elliptic Curves, which are easier to calculate. This can provide higher security as the same CPU power can generate better encryption in less time. When Elliptic Curves are used, the suite specifies the curves and adds “P” to differentiate from the encryption algorithm’s key length. When looking at the cipher suites, those without Elliptics won’t list the curves
Ready to see this in real life? Have a look at the following list of suites built-into Windows 2012 R2 and see if you identify the properties of the suites and how they differ:

No comments: