Re: [TLS] Ordered list of cypher strengths

Michael D'Errico <mike-list@pobox.com> Sat, 17 October 2009 15:34 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 50A5F3A68AE for <tls@core3.amsl.com>; Sat, 17 Oct 2009 08:34:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qQaRkAoLW4lz for <tls@core3.amsl.com>; Sat, 17 Oct 2009 08:34:09 -0700 (PDT)
Received: from sasl.smtp.pobox.com (a-pb-sasl-sd.pobox.com [64.74.157.62]) by core3.amsl.com (Postfix) with ESMTP id CD4EC3A6827 for <tls@ietf.org>; Sat, 17 Oct 2009 08:34:08 -0700 (PDT)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 6CC167BB18 for <tls@ietf.org>; Sat, 17 Oct 2009 11:34:13 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=sasl; bh=hWSb23F4uzLn gJouhEMj6yKGoXE=; b=dSu3Kf3zvtJmcr44Ox9typCN2lWQHinMLiZjLRedQUzu IzdO+aM/PEB2pFv2oUA7XRnNH+IryIJgvLS7ZPRKaX3Segd3AcgskOsAHS9y/uzB lPgKGfe/pym0DiWcpEpPtLmvuNqb2wat5NxYh8dJnvDNkrSr4syp+KgD+y5aTGU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=message-id:date :from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=PbRrGZ e+yqu6D1DqCDlL9VL05nAGBXVYE0i3nGBrruR5t9Kk3jOY3U8pKJfBMqpoPkLfS1 pPaTBj8qNJ/TI/KzNE5XxynwxwS0Eo0KZQ6gFdVFAO+T+tMqX62/ZUN7hgU+INlO K51a1yZ/Al+KBa+N8CVxxtJcKcbwQ6zqWD5wo=
Received: from a-pb-sasl-sd.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 69EE57BB17 for <tls@ietf.org>; Sat, 17 Oct 2009 11:34:13 -0400 (EDT)
Received: from administrators-macbook-pro.local (unknown [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTPSA id E95E47BB16 for <tls@ietf.org>; Sat, 17 Oct 2009 11:34:12 -0400 (EDT)
Message-ID: <4AD9E408.7040709@pobox.com>
Date: Sat, 17 Oct 2009 08:34:32 -0700
From: Michael D'Errico <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: tls@ietf.org
References: <4FD799C7F81B44C094DFF8409F368F35@GIH.CO.UK>
In-Reply-To: <4FD799C7F81B44C094DFF8409F368F35@GIH.CO.UK>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
X-Pobox-Relay-ID: 85B8955E-BB32-11DE-9C81-A67CBBB5EC2E-38729857!a-pb-sasl-sd.pobox.com
Content-Transfer-Encoding: quoted-printable
Subject: Re: [TLS] Ordered list of cypher strengths
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Oct 2009 15:34:11 -0000

This is a difficult question to answer.  There are three factors to
consider when determining the relative strengths of cipher suites.
First there is the key exchange mechanism, such as RSA, DHE_DSS, etc.
Second is the bulk encryption algorithm and key length, and third is
the MAC.

The key exchange mechanism is problematic because there is no way to
specify the key length by the client; the server selects it.  Many
servers use 1024-bit RSA keys and 1024-bit Diffie-Hellman parameters
which roughly correspond to "only" 80 bits of security.  This may be
the weak link.  Using AES-256 may provide no more security than RC4
if a 1024-bit RSA key exchange is done.

I know this is not the answer you were hoping for, but the reality
is you can't create the list you want.

Also, with email, messages are only protected in transit.  The server
at each hop will have the full plaintext of your message.  And even
if the first hop uses TLS for that transfer, there is no guarantee
that TLS will be used on every transfer all the way to the recipient.
And then once it's at the recipient, you don't know that they've set
up their mail client to use TLS with POP3 or IMAP.


Mike
----
http://mikestoolbox.com


Olivier MJ Crepin-Leblond wrote:
> Hello there,
>  
> could someone please point me to references or a page discussing cypher 
> strengths and listing them in increasing order, in an email specific 
> context? For example, I'm seeing emails transfers which seem to be using:
>  
> - AES256-SHA
> - RC4-MD5
> - DHE-RSA-AES256-SHA
> - ADH-AES256-SHA
> - EDH-RSA-DES-CBC3-SHA
>  
> etc.
>  
> I know of the page: http://www.openssl.org/docs/apps/ciphers.html which 
> lists cypher suites, but are these listed in order of increasing strength?
>  
> Warm regards,
>  
> -- 
> Olivier MJ Crépin-Leblond, PhD
> http://www.gih.com/ocl.html