Day One:
- The Internet Threat Model. Man-in-the-middle attacks are typically classified as passive or active.
- Encryption used to be underused. Firesheep, a Firefox browser extension, led to a lot of HTTPS stripping attacks (sslstrip).
- SSL Labs. Type in a domain name and scan the site; it gives a rating in an SSL report.
- Understanding encryption strength: Computationally secure simply means it takes too much time/effort to break. We measure cryptographic security in # of operations required to break something. 128 bits (2^128 ops) considered strong.
Computers get more and more powerful, so they can break encryption keys in less time. Each additional bit of key length doubles security. Example: if a 128-bit key takes 10 years, a 129-bit key takes 20. There is no absolute security; it is always conditional on the attacker and time.
Determined adversary chooses where to attack and goes against the weakest link.
Cryptography is bypassed, not broken. This implies that crypto is the strongest link. Don’t write your own crypto libraries, don’t design your own primitives or protocols, and follow industry best practices.
Protocol history: SSL 2 released in 1994.
Forward Secrecy: Compromise of long-term keys must not lead to compromise of past conversations. Today it is considered vital, but that is a recent development. Optional in TLS 1.2: RSA key exchange creates a link with the server key, and session resumption using tickets creates a link with the ticket key.
Forward secrecy is the only option in TLS 1.3.
Key size:
Minimum RSA key size is 2048 bits - only there for older device support.
Minimum ECDSA key size is 256 bits - better security.
You need 3072-bit RSA for 128 bits of security, and this is much slower.
Certificate validation: Domain validation (DV), organization validation (OV), extended validation (EV). Vast majority interact with DV.
Certificate sharing: simplifies maintenance but can often reduce security.
Sites that share certificates also share certain classes of vulnerability.
Solutions: automate and renew frequently; otherwise, renew keys and certs every year.
Certificate lifetime: the maximum allowed certificate lifetime continues to fall, to about one year.
Tip: Dual-CA Deployment. Your CA is a point of failure. If they fail, your websites go down. Use two. (Extended OCSP Responder time. Mistaken revocation of own production intermediate certificate. Removal from root stores.)
Algorithm, Strength, GCM Mode (always set). SHA256 (cipher)
Use RSA and ECDSA for auth. Use ECDHE then DHE for key exchange.
Start with the minimum set of ciphers possible, then expand.
ChaCha20 suites. New authenticated suites supported by modern browsers and OpenSSL 1.1.0+. ChaCha20-Poly1305 for TLS.
ChaCha20 suites are faster for mobile devices.
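An added example (not part of the course notes) that applies the cipher guidance above with Python's `ssl` module and then audits the resulting suite list for forward secrecy and AEAD modes. The cipher string `NOTES_CIPHERS`, the helper names, and the `LEGACY` sample list are assumptions made for illustration.

```python
import ssl

# Assumed cipher string for the guidance above: ECDHE first, then DHE,
# AEAD modes (AES-GCM, ChaCha20-Poly1305) only, no anonymous suites.
NOTES_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL"

def classify(name):
    """Return (forward_secret, aead) for an OpenSSL cipher suite name."""
    if name.startswith("TLS_"):
        # TLS 1.3 suites: ephemeral key exchange and AEAD are mandatory.
        return True, True
    forward_secret = name.startswith(("ECDHE-", "DHE-"))
    aead = any(tag in name for tag in ("GCM", "CHACHA20", "CCM"))
    return forward_secret, aead

def audit(names):
    """Map each suite that breaks the guidance to the reasons why."""
    findings = {}
    for name in names:
        forward_secret, aead = classify(name)
        problems = []
        if not forward_secret:
            problems.append("no forward secrecy")
        if not aead:
            problems.append("not AEAD")
        if problems:
            findings[name] = problems
    return findings

def server_context(ciphers=NOTES_CIPHERS):
    """Server-side context limited to TLS 1.2+ and the given suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(ciphers)  # affects TLS 1.2 suites; TLS 1.3 ones stay on
    return ctx

def enabled_suites(ctx):
    """Suite names in the order the context will prefer them."""
    return [c["name"] for c in ctx.get_ciphers()]

# Constructed sample of a legacy list, for contrast.
LEGACY = ["AES128-SHA", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    for name in enabled_suites(server_context()):
        print(name)
    print(audit(LEGACY))
```

The certificate and private key still have to be loaded with `load_cert_chain` before the context can serve connections.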
HTTPS alone is not enough.