Nmap Development mailing list archives
Re: [NSE] Script ssl-enum-ciphers should not penalize 3DES
From: nnposter <nnposter () users sourceforge net>
Date: Wed, 24 Aug 2016 08:56:48 -0600
I agree with you on all counts and I have re-applied the low rating. That said, in principle I stand by the original change logic (i.e. 112-bit symmetric keys are currently "strong", not "artificially boosted") so I believe that from a purist's point of view the correct way to address it is to penalize 3DES for its weak design, not for its key size. Cheers, nnposter On 8/24/16 7:41 AM, Daniel Miller wrote:
nnposter, There's no way we could have known this 2 weeks ago, but it sounds like 3DES in TLS has some problems. The "SWEET32" attack [1] has demonstrated block collisions in 64-bit blocksize ciphers after 2^32 blocks (about 32GB), and decryption of small values (such as cookies) after 750GB or so. OpenSSL is downgrading 3DES to MEDIUM and declares "triple-DES should now be considered as “bad” as RC4." [2] I think we should at least back out the change that artificially boosted 3DES's cipher strength. Depending on how discussion plays out with the crypto experts over the next few weeks, we may consider adding a warning like we do for SHA-1 certs, RC4, and other things. Dan [1] https://sweet32.info/ [2] https://www.openssl.org/blog/blog/2016/08/24/sweet32/ On Sat, Aug 6, 2016 at 5:14 PM, nnposter <nnposter () users sourceforge net <mailto:nnposter () users sourceforge net>> wrote: Rob's note below is the only feedback I have received so far. As such I am going to commit the proposed change later next week unless anybody objects. Cheers, nnposter On 7/29/16 11:38 AM, Rob Nicholls wrote: > I'm fairly happy with that suggestion. I believe Nessus also treats 112-bit > (i.e. 3DES) keys as a "High" strength cipher. > > Rob > > -----Original Message----- > From: dev [mailto:dev-bounces () nmap org <mailto:dev-bounces () nmap org>] On Behalf Of nnposter > Sent: 29 July 2016 18:10 > To: dev () nmap org <mailto:dev () nmap org> > Subject: [NSE] Script ssl-enum-ciphers should not penalize 3DES > > As of now, script ssl-enum-ciphers is rating cipher suites based on 3DES > (112-bit keys) the same as those using plain 56-bit DES. > > Given that 56-bit keys are considered easily within the reach of average > adversaries while 3DES keys are deemed safe at the moment, I would like to > propose that we change the rating to treat 3DES on par with 128-bit ciphers. > This position is supported by SSL Labs, which does not flag presence of 3DES > cipher suites, while rating "Cipher Strength" of such sites as "Green". > > More details at https://github.com/nmap/nmap/issues/474 <https://github.com/nmap/nmap/issues/474> > > Please voice any concerns with such a change. > > > Cheers, > nnposter _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev <https://nmap.org/mailman/listinfo/dev> Archived at http://seclists.org/nmap-dev/ _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Script ssl-enum-ciphers should not penalize 3DES nnposter (Jul 29)
- RE: [NSE] Script ssl-enum-ciphers should not penalize 3DES Rob Nicholls (Jul 29)
- Re: [NSE] Script ssl-enum-ciphers should not penalize 3DES nnposter (Aug 06)
- Re: [NSE] Script ssl-enum-ciphers should not penalize 3DES Daniel Miller (Aug 24)
- Re: [NSE] Script ssl-enum-ciphers should not penalize 3DES nnposter (Aug 24)
- Re: [NSE] Script ssl-enum-ciphers should not penalize 3DES nnposter (Aug 06)
- RE: [NSE] Script ssl-enum-ciphers should not penalize 3DES Rob Nicholls (Jul 29)