Most people never need to mess-around with cipher suites,
but if you do, it can be quite confusing to figure out their cryptic names. For
example, what’s the difference between TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_256_GCM_SHA384
or what is the difference between the 1st, 2nd and 3rd
“256” in TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA256_P256?
If you ever wondered what this all means, I got the answers!
The Cipher Suite name is comprised of the following pieces
(some suites have less pieces):
1)
The protocol
2)
The Key Exchange
3)
The Digital Signature
4)
The Encryption (Cipher)
5)
The encryption key length
6)
The encryption mode
7)
The Hashing algorithm
8)
The Elliptic Curve size
Let’s review what they mean, and what possible values you
could find.
Protocol
The protocol is the most important value, and it can have
two possible values – SSL and TLS. SSL is a family of older protocols starting
from SSL 1 and going up to SSL 3. While most computer still support it, even
the latest one (3) has significant vulnerabilities, so it’s rarely used anymore
and many server explicitly de-prioritize or disable it. The TLS family of protocols
has 3 members – 1.0, 1.1 and 1.2 and like anything else, most people (and the
servers they configure) prefer the latest member. At this time, 1.2 is the
latest, and version 1.3 has had its draft published a few months ago. We can
expect to start seeing it in public use within a year or two. Cipher suites don’t
actually list the version of the protocol and just state TLS or SSL, with the
version number being suggested by the client to the server separately.
Key Exchange
The key exchange algorithm controls how the client gives the
server the symmetric key that will be used for the session. The common key
exchange families are RSA and DH (Diffie-Helman). DH has several variations
like ECDH (Elliptic-Curve DH), DHE (DH Ephemeral) and ECDHE (both
Elliptic-curve and Ephemeral). Windows Servers usually prefer Diffie-Helman’s
exchanges, and the typical priority list for cipher suits will list them almost
exclusively.
Digital Signature
The Digital Signature makes sure that the data exchanged
between client and server is protected from forgery or alteration. The common
algorithms are RSA, ECDSA and DSS. Several cipher suites use RSA for both Key
Exchange AND Digital Signature, and so their name would list RSA only once. For
example:
TLS_RSA_WITH_AES_128_CBC_SHA
Encryption (Cipher) and key length
The Encryption algorithm is about how the data actually gets
scrambled, and is always paired with a key length between 128 and 256 bit. AES
is pretty much ubiquitous these days, though RC4 was in use for many years and
still shows up not-and-then. You can sometimes see 3DES (a.k.a. “Triple-DES”),
and when using non-windows platforms, occasionally others. A key length of 256
bit might seem low when comparing it to the 1024 bits (or more) used in
generating digital certificates, but in reality, symmetric encryption is
stronger and thus a 1024 bit key for a certificate (asymmetric encryption) is
equivalent to a 80 bit key for symmetric encryption. That means that a 128 bit
key is pretty darn good, and a 256 bit key is terrific…we are many decades away
from anyone (even the NSA or quantum computers) having the ability to
brute-force his way through a 256 bit symmetric key. Since 256 is still much
stronger than 128, the default cipher priority order on any computer favors 256
over lower lengths.
Encryption mode
The encryption mode is actually an extension, so it’s optional
and not all suites specify one. For example, RC4 doesn’t offer advanced
encryption modes and therefore none are listed. AES does, and so the default
list of suites includes CBC and GCM as the primary modes, and using GCM offers
better security as it implements several technologies to protect message
integrity (so does CBC, but GCM is better)
Hashing algorithm
Hashing benefits security by preventing tampering with the
encrypted data. Changing the data invalidates the data’s hash, thus alerting
the recipient that the data has been tampered with. SHA (Secure Hash Algorithm)
is a family of cryptographic hash functions published by the National Institute
of Standards and Technology (NIST) as a U.S. Federal Information Processing
Standard (FIPS). The number following SHA is the Output size in bits. The
bigger the hash, the harder it is to brute-force, hence it’s more secure and
preferred.
Elliptic Curve size
Some Key Exchange algorithms use Elliptic Curves, which are
easier to calculate. This can provide higher security as the same CPU power can
generate better encryption in less time. When Elliptic Curves are used, the
suite specifies the curves and adds “P” to differentiate from the encryption
algorithm’s key length. When looking at the cipher suites, those without Elliptics
won’t list the curves
Ready to see this in real life? Have a look at the following
list of suites built-into Windows 2012 R2 and see if you identify the
properties of the suites and how they differ:
Posts
No comments:
Post a Comment