SSL And TLS Attacks | Weak Ciphers


SSL And TLS Attacks | Weak Ciphers

Both SSL and TLS protocols works on the basis of Public Key Infrastructure (PKI) and commonly includes key exchange algorithm to handle security. Apart from just CA authority the strength of SSL cipher depends on length of key, encryption algorithm used to encipher data and Message Authentication Code (also known as SSL MAC). In this post we will have our look on how key length could effect on cipher strength. So depending on the length of initial key generated for data exchange during SSL and TLS communication, ciphers can be divided into following categories.


Null Security Ciphers:
As name suggests these ciphers do not provide any security since there's no encryption.
Weak Security Ciphers:
All ciphers with key length less than 128 bits fall under this category. Ciphers using Diffie Hellman algorithm for key exchange are also considered as weak security ciphers since they are vulnerable to man-in-the-middle-attack.
Strong Security Ciphers:
Ciphers with key length more than 128 bits and less than 256 bits are considered as strong security ciphers.
Super Strong Ciphers:
Keys in this ciphers use 256 bit keys with AES encryption. These are considered as highly secured and used by high octane organizations and research institutes.
As discussed in our previous post ciphers are actually decided with the help of Cipher suites defined to encipher data. At present there are more than 30 different cipher suites used to encipher data out of which only following are considered as secure.
DH-DSS-AES128-SHA
DH-RSA-AES128-SHA
DHE-DSS-RCA-SHA
DHE-DSS-RC4-SHA
DHE-DSS-AES128-SHA
DHE-RSA-AES123-SHA
RC4-MD5
RC4-SHA
AES128-SHA
DES-CBC3-SHA
DH-DSS-AES256-SHA
DH-RSA-AES256-SHA
DHE-DSS-AES256-SHA
DHE-RSA-AES256-SHA
AES256-SHA
Rest all are classified under weak cipher suites. Each and every initial after hyphen represents an encryption algorithm for cipher suite.

Dangers Posed By Weak Ciphers:
The attacker can interrupt communication between client and server and downgrade connection to use HTTP instead of HTTPS. This can be done by ARP poisoning and using SSL strip by Moxie Marlin Spike.
The attacker can use hardware protocol analyzer to capture packets directly from wire and then decipher them.
If attacker is well knowledged with application and its working, he can actually code another program to change meaning of messages transferred during communication.
Tools That Can Be Used To Detect Weak Ciphers:
Foundstone SSL Digger and THC SSL Check are two awesome tools that can be used to check SSL cipher strengths. Both are easy install and go tools. Just input site name and they'll analyze site for weak SSL ciphers.

Countermeasures Against Weak SSL Cipher Attacks:
The best way to counter weal SSL Cipher attacks is to disable them. Check your server's how to or help pages to disable weak ciphers.

Comments

Post a Comment

Popular posts from this blog

Attacks Against Weak Token Generation

Attacks Against Weak Token Generation During our last post to this we discusses about basics of Session Management Attack which is also known as session hacking. In this post we will have a look on how you can attack weak token generation method to attack session management. Following are most common methods of generating weak tokens, Using meaningful tokens Predictable token generation Adding time dependent variations in tokens Now some important things before we discus real hack steps. In applications that use standard cookie mechanism for transmitting session tokens, it is easy to identify which item of data contains the token. In other cases it needs real brain work to identify them. Many web developers add extra tokens to cookies to fool hackers for example an application might add 14 tokens to yours browser's store, out of which only six are responsible for session management no matter what value other eight have only six of them will hand...
Read more

Some Terminologies You Should Know About Trojans

Image
Some Terminologies You Should Know About Trojans in this following post we will discus some most frequently used terminologies that we usually hear when word Trojan pops out. They are discussed here because after knowing them you'll be able to understand how attacker manages to circulate RAT server, hide its presence and also bypasses firewall rules. Over And Covert Channel: A channel here describes means of communication. An overt channel means legal, obvious or known where as covert means hidden and concealed. In other words overt means legal means of communication whereas covert means illegal means of communication. In technical terms overt channel follows rules by TCP/IP suite where as covert channel exploit weakness of TCP/IP model for illegal communication. Wrappers: Wrappers are programs that helps binding two files together. They can bind either multiple files of same extension or multiple files with multiple extension. Wrappers are ...
Read more

Nmap Scanning

Image
Nmap best known as hacker’s best friend may it be ethical or criminal is one of the best known network scanners available today. Today nearly each and every hacker uses nmap as network scanning tool and even pen-testing tools are bundled with Nmap as basic port scanning tool. Nmap can scan network, ports, services and also garb OS. This tutorial is written keeping this in mind that everyone should be able to grasp all commands and switches given in this tutorial in single reading. Do you think it’s impossible so why not give a try. First we divide switches into four types, 1.Synchronous Scans 2.Ping Scans 3.Time Scans 4.Output Type Synchronous Scan :All synchronous scans start with “-s”(without quotes), note that the ‘s’ denoting synchronous is not capital. Now a basic synchronous scan command is written as follows, nmap -s[synchronous scan type] ip_address ---------------------------------------------- -sT Synchronous TCP scan -sS Synchronous Stea...
Read more