Nmap Development mailing list archives

RE: [NSE] Script ssl-enum-ciphers should not penalize 3DES


From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Fri, 29 Jul 2016 18:38:32 +0100

I'm fairly happy with that suggestion. I believe Nessus also treats 112-bit
(i.e. 3DES) keys as a "High" strength cipher.

Rob

-----Original Message-----
From: dev [mailto:dev-bounces () nmap org] On Behalf Of nnposter
Sent: 29 July 2016 18:10
To: dev () nmap org
Subject: [NSE] Script ssl-enum-ciphers should not penalize 3DES

As of now, script ssl-enum-ciphers is rating cipher suites based on 3DES
(112-bit keys) the same as those using plain 56-bit DES.

Given that 56-bit keys are considered easily within the reach of average
adversaries while 3DES keys are deemed safe at the moment, I would like to
propose that we change the rating to treat 3DES on par with 128-bit ciphers.
This position is supported by SSL Labs, which does not flag the presence of
3DES cipher suites, while rating "Cipher Strength" of such sites as "Green".

More details at https://github.com/nmap/nmap/issues/474

Please voice any concerns with such a change.


Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

