Mailing List Archive

ssl_supported_ciphers.nasl issues?
I was looking at the output of ssl_supported_ciphers.nasl and noticed
a couple of things... unless I'm not understanding something in the
plugin, which is possible.

First, the "Export Ciphers" category is pretty useless now (I think),
and only adds confusion to the output (I understand it's still
documented and technically exists, but it really has no meaning). I'd
recommend dropping it from the output.

Second, I think the cipher bit length checking in the code did not
match what was displayed in the output. For example, the output said
the category is:
Medium Strength Ciphers (128-bit key)
but the code said:
else if (nbits < 112) cat = MEDIUM_STRENGTH;

Patch below, if the changes are sane.

-Sullo

--

http://www.cirt.net/ | http://www.osvdb.org/


$ diff ssl_supported_ciphers.nasl new_ssl_supported_ciphers.nasl
41c41
< Reconfigure the affected application if possible to avoid use of
---
> If possible, reconfigure the affected application to avoid using
76d75
<
92,93d90
< EXPORT_STRENGTH = ++cat;
< labels[cat] = "Export Ciphers";
95c92
< labels[cat] = "Low Strength Ciphers (excluding export, < 128-bit key)";
---
> labels[cat] = "Low Strength Ciphers (< 128-bit key)";
407,408c404
< if (label =~ "\|export") cat = EXPORT_STRENGTH;
< else if (label =~ "Enc=None") cat = NULL_STRENGTH;
---
> if (label =~ "Enc=None") cat = NULL_STRENGTH;
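Review bot: With the "\|export" test removed at 407, export suites are no longer caught by label and will presumably be sorted by the nbits comparison changed in the next hunk, so their category now depends entirely on what nbits holds for them. Please confirm that nbits for an export suite is the restricted key size and not the nominal size of the underlying cipher; if it can be the nominal size, keep an explicit export test that maps to LOW_STRENGTH.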
418,419c414,415
< else if (nbits < 56) cat = LOW_STRENGTH;
< else if (nbits < 112) cat = MEDIUM_STRENGTH;
---
> else if (nbits < 128) cat = LOW_STRENGTH;
> else if (nbits == 128) cat = MEDIUM_STRENGTH;
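Review bot: The new "nbits < 128" cutoff at 414 moves every 56- to 112-bit suite into LOW_STRENGTH, 3DES at 112 bits included, which is a change of policy and not only a label correction; say so in the description or in a comment beside the cutoffs. The exact match "nbits == 128" at 415 could be written "nbits <= 128", which gives the same result after the "< 128" test and survives a reordering of the branches. The labels for the other categories are not part of this patch, so check that they state the same cutoffs.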

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: ssl_supported_ciphers.nasl issues?
On 04/04/07 14:44, Sullo wrote:

> I was looking at the output of ssl_supported_ciphers.nasl and noticed a
> couple of things... unless I'm not understanding something in the
> plugin, which is possible.
>
> First, the "Export Ciphers" category is pretty useless now (I think),
> and only adds confusion to the output (I understand it's still
> documented and technically exists, but it really has no meaning). I'd
> recommend dropping it from the output.

Good point. Done.

> Second, I think the cipher bit length checking in the code did not match
> what was displayed in the output. For example, the output said the
> category is:
> Medium Strength Ciphers (128-bit key)
> but the code said:
> else if (nbits < 112) cat = MEDIUM_STRENGTH;

Yes, you're right. I fixed the label to agree with the actual cutoffs in
the code.

George
--
theall@tenablesecurity.com

Re: ssl_supported_ciphers.nasl issues?
Thanks George.

Quoting "George A. Theall" <theall@tenablesecurity.com>:
>> Medium Strength Ciphers (128-bit key)
>> but the code said:
>> else if (nbits < 112) cat = MEDIUM_STRENGTH;
>
> Yes, you're right. I fixed the label to agree with the actual cutoffs
> in the code.

I'd still think the levels should change to:
labels[cat] = "Low Strength Ciphers (< 128-bit key)";
labels[cat] = "Medium Strength Ciphers (128-bit key)";
labels[cat] = "High Strength Ciphers (> 128-bit key)";

rather than:
labels[cat] = "Low Strength Ciphers (< 56-bit key)";
labels[cat] = "Medium Strength Ciphers (>= 56-bit and < 112-bit key)";
labels[cat] = "High Strength Ciphers (>= 112-bit key)";

From the OpenSSL help page:
http://www.openssl.org/docs/apps/ciphers.html
HIGH
``high'' encryption cipher suites. This currently means those with key
lengths larger than 128 bits, and some cipher suites with 128-bit keys.
MEDIUM
``medium'' encryption cipher suites, currently some of those using 128
bit encryption.
LOW
``low'' encryption cipher suites, currently those using 64 or 56 bit
encryption algorithms but excluding export cipher suites.

Regards
Sullo

--

http://www.cirt.net/ | http://www.osvdb.org/

Re: ssl_supported_ciphers.nasl issues?
The problem is the OpenSSL list is not continuous.
There are gaps in the ranges.

Where does 3DES fit? Is the 112-bit key Low or Medium?


----- Original Message -----
From: Sullo <sullo@cirt.net>
Sent: 05/04/2007 09:56:54
Subject: Re: [Plugins-writers] ssl_supported_ciphers.nasl issues?

> Thanks George.
>
> Quoting "George A. Theall" <theall@tenablesecurity.com>:
> >> Medium Strength Ciphers (128-bit key)
> >> but the code said:
> >> else if (nbits < 112) cat = MEDIUM_STRENGTH;
> >
> > Yes, you're right. I fixed the label to agree with the actual
> > cutoffs in the code.
>
> I'd still think the levels should change to:
> labels[cat] = "Low Strength Ciphers (< 128-bit key)";
> labels[cat] = "Medium Strength Ciphers (128-bit key)";
> labels[cat] = "High Strength Ciphers (> 128-bit key)";
>
> rather than:
> labels[cat] = "Low Strength Ciphers (< 56-bit key)";
> labels[cat] = "Medium Strength Ciphers (>= 56-bit and < 112-bit key)";
> labels[cat] = "High Strength Ciphers (>= 112-bit key)";
>
> From the OpenSSL help page:
> http://www.openssl.org/docs/apps/ciphers.html
> HIGH
> ``high'' encryption cipher suites. This currently means those with key
> lengths larger than 128 bits, and some cipher suites with 128-bit keys.
> MEDIUM
> ``medium'' encryption cipher suites, currently some of those using 128
> bit encryption.
> LOW
> ``low'' encryption cipher suites, currently those using 64 or 56 bit
> encryption algorithms but excluding export cipher suites.
>
> Regards
> Sullo
>
> --
>
> http://www.cirt.net/ | http://www.osvdb.org/

Re: ssl_supported_ciphers.nasl issues?
On Thu Apr 05 2007 at 15:56, Sullo wrote:

> I'd still think the levels should change to:
> labels[cat] = "Low Strength Ciphers (< 128-bit key)";

I disagree. Rough estimations tell that breaking by brute force an
80-bit long key is nearly impossible.
Breaking DES in 48 hours is possible... If you have a specialized
hardware which is much more expensive than a PC.

Breaking a 112 bit 3DES key by brute force is not much easier than
breaking a 128 bit Blowfish key -- both are impossible considering the
current technology.

> From the OpenSSL help page:
> http://www.openssl.org/docs/apps/ciphers.html
> HIGH

I wonder how OpenSSL chose this scale.
The ISO15408 norm (Common Criteria) uses such a scale for the
"strength of functions" and the "vulnerability analysis". CEM (Common
Evaluation Methodology) gives a set of tables to compute the strength
of an attack. Using that, you'll find that DES is "medium".

--
http://www.bigfoot.com/~arboi http://ma75.blogspot.com/
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA BA91


Re: ssl_supported_ciphers.nasl issues?
Quoting Dennis Jackson <dennis.jackson@ndirect.co.uk>:
> The problem is the OpenSSL list is not continuous.
> There are gaps in the ranges.
>
> Where does 3DES fit? Is the 112-bit key Low or Medium?

For simplicity, I'd say < 128 == weak... unless someone wants to go
through cipher by cipher and categorize each one.



--

http://www.cirt.net/ | http://www.osvdb.org/

Re: ssl_supported_ciphers.nasl issues?
On Thu Apr 05 2007 at 17:27, Sullo wrote:

>> Where does 3DES fit? Is the 112-bit key Low or Medium?

> For simplicity, I'd say < 128 == weak...

3DES is definitely not weak. AFAIK, nobody can break that.


Re: ssl_supported_ciphers.nasl issues?
Quoting Michel Arboi <mikhail@nessus.org>:

> On Thu Apr 05 2007 at 17:27, Sullo wrote:
>
>>> Where does 3DES fit? Is the 112-bit key Low or Medium?
>
>> For simplicity, I'd say < 128 == weak...
>
> 3DES is definitely not weak. AFAIK, nobody can break that.

I would agree.

I've been comparing with Foundstone's SSLDigger, which lists Weak as
< 128, Strong as 128-256, and Excellent > 256. One of our contracted
assessments used this & I was trying to figure out why no "weak"
ciphers were reported in Nessus when I tried to confirm... hence my
statement about using 128 as the water mark for "weak" -- I'm not sure
I care that much whether Nessus reports it as low or weak, now that
the 56 bit ones are not just reported as "export strength" :-)







--

http://www.cirt.net/ | http://www.osvdb.org/

Re: ssl_supported_ciphers.nasl issues?
On Thu Apr 05 2007 at 22:40, Sullo wrote:

> I've been comparing with Foundstone's SSLDigger, which lists Weak as
> < 128, Strong as 128-256, and Excellent > 256.

Such a scale is stupid. Can they break Skipjack (80 bits) or 3DES (112
bits)? Probably not. What is a weak unbreakable cipher?

A long key does not mean that the cipher is strong; but a short key is
definitely a weakness. The key length is only one factor for the
global strength. As soon as brute force attacks cannot be implemented,
the length is not relevant any more.

I'd say that "weak" is something that can be broken in a reasonable
time with a standard PC, "medium" something that needs dedicated
hardware or needs an unreasonable time, and "strong" anything that is
unbreakable by brute force, or with unreasonable means.
Medium would range from 56 to 64 bits currently (Distributed.net took
years to break RC5-64). 32 to 40 bits are "weak".
80 bits can probably be broken by dedicating huge amounts of CPU power
for years. Let's say that's the beginning of "strong", at least for
common usage. If you want to protect data during 50 years, then you
probably need another scale. Using longer keys is only a part of the
solution.

My $0.02

--
http://www.bigfoot.com/~arboi http://ma75.blogspot.com/
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA BA91
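
The three scales argued over in this thread, applied to one cipher list, as an added example (not code from the plugin or from any poster). The sample lines are constructed in the style of `openssl ciphers -v` output; the 56/80 boundaries used for Michel Arboi's scale and the treatment of 3DES as 112 bits are assumptions based on the figures quoted in the messages above.

```python
import re
# Constructed sample in the style of `openssl ciphers -v` output (not from the thread).
SAMPLE = """\
NULL-SHA      SSLv3 Kx=RSA      Au=RSA Enc=None      Mac=SHA1
EXP-RC4-MD5   SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)   Mac=MD5  export
DES-CBC-SHA   SSLv3 Kx=RSA      Au=RSA Enc=DES(56)   Mac=SHA1
DES-CBC3-SHA  SSLv3 Kx=RSA      Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA       SSLv3 Kx=RSA      Au=RSA Enc=RC4(128)  Mac=SHA1
AES256-SHA    SSLv3 Kx=RSA      Au=RSA Enc=AES(256)  Mac=SHA1
"""
ENC_RE = re.compile(r"Enc=([A-Za-z0-9]+)(?:\((\d+)\))?")
# 3-key 3DES is printed with 168 key bits; meet-in-the-middle limits it to
# the 112-bit effective strength that the thread uses for 3DES.
EFFECTIVE_BITS = {"3DES": 112}
SCALES = {  # name -> (low_below, medium_below)
    "pre-patch": (56, 112),  # removed lines of the diff
    "patch": (128, 129),     # added lines: < 128 low, == 128 medium
    "arboi": (56, 80),       # assumed boundaries for Michel Arboi's scale
}

def parse_line(line):
    """Return (suite_name, effective_key_bits); 0 bits means Enc=None."""
    m = ENC_RE.search(line)
    if m is None:
        raise ValueError("no Enc= field: %r" % line)
    alg, bits = m.group(1), int(m.group(2) or 0)
    return line.split()[0], EFFECTIVE_BITS.get(alg, bits)

def classify(bits, low_below, medium_below):
    if bits == 0:
        return "null"  # Enc=None, the plugin's NULL_STRENGTH case
    if bits < low_below:
        return "low"
    return "medium" if bits < medium_below else "high"

def compare(text):
    """Map each suite name to its category under every scale."""
    table = {}
    for line in filter(str.strip, text.splitlines()):
        name, bits = parse_line(line)
        table[name] = {s: classify(bits, *c) for s, c in SCALES.items()}
    return table

def disagreements(table):
    return [n for n, cats in table.items() if len(set(cats.values())) > 1]

if __name__ == "__main__":
    for name, cats in compare(SAMPLE).items():
        print(f"{name:14} {cats}")
```

The suites returned by disagreements() are the ones a report will rate differently depending on which scale the scanner uses, which is the mismatch between tools described in the thread.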