Re: [NSE] Script ssl-enum-ciphers should not penalize 3DES

[nnposter <nnposter () users sourceforge net>]

I agree with you on all counts and I have re-applied the low rating.

That said, in principle I stand by the original change logic (i.e.
112-bit symmetric keys are currently "strong", not "artificially
boosted") so I believe that from a purist's point of view the correct
way to address it is to penalize 3DES for its weak design, not for its
key size.

Cheers,
nnposter


On 8/24/16 7:41 AM, Daniel Miller wrote:
> nnposter,
>
> There's no way we could have known this 2 weeks ago, but it sounds like
> 3DES in TLS has some problems. The "SWEET32" attack [1] has demonstrated
> block collisions in 64-bit blocksize ciphers after 2^32 blocks (about
> 32GB), and decryption of small values (such as cookies) after 750GB or
> so. OpenSSL is downgrading 3DES to MEDIUM and declares "triple-DES
> should now be considered as “bad” as RC4." [2]
>
> I think we should at least back out the change that artificially boosted
> 3DES's cipher strength. Depending on how discussion plays out with the
> crypto experts over the next few weeks, we may consider adding a warning
> like we do for SHA-1 certs, RC4, and other things.
>
> Dan
>
> [1] https://sweet32.info/
> [2] https://www.openssl.org/blog/blog/2016/08/24/sweet32/
>
> On Sat, Aug 6, 2016 at 5:14 PM, nnposter <nnposter () users sourceforge net
> <mailto:nnposter () users sourceforge net>> wrote:
>
>
>     Rob's note below is the only feedback I have received so far. As such I
>     am going to commit the proposed change later next week unless anybody
>     objects.
>
>     Cheers,
>     nnposter
>
>
>     On 7/29/16 11:38 AM, Rob Nicholls wrote:
>     > I'm fairly happy with that suggestion. I believe Nessus also
>     treats 112-bit
>     > (i.e. 3DES) keys as a "High" strength cipher.
>     >
>     > Rob
>     >
>     > -----Original Message-----
>     > From: dev [mailto:dev-bounces () nmap org
>     <mailto:dev-bounces () nmap org>] On Behalf Of nnposter
>     > Sent: 29 July 2016 18:10
>     > To: dev () nmap org <mailto:dev () nmap org>
>     > Subject: [NSE] Script ssl-enum-ciphers should not penalize 3DES
>     >
>     > As of now, script ssl-enum-ciphers is rating cipher suites based
>     on 3DES
>     > (112-bit keys) the same as those using plain 56-bit DES.
>     >
>     > Given that 56-bit keys are considered easily within the reach of
>     average
>     > adversaries while 3DES keys are deemed safe at the moment, I would
>     like to
>     > propose that we change the rating to treat 3DES on par with
>     128-bit ciphers.
>     > This position is supported by SSL Labs, which does not flag
>     presence of 3DES
>     > cipher suites, while rating "Cipher Strength" of such sites as
>     "Green".
>     >
>     > More details at https://github.com/nmap/nmap/issues/474
>     <https://github.com/nmap/nmap/issues/474>
>     >
>     > Please voice any concerns with such a change.
>     >
>     >
>     > Cheers,
>     > nnposter
>
>     _______________________________________________
>     Sent through the dev mailing list
>     https://nmap.org/mailman/listinfo/dev
>     <https://nmap.org/mailman/listinfo/dev>
>     Archived at http://seclists.org/nmap-dev/
>
>
>
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/