Weak Cipher Suites and Encryption Protocols

Popularity: 2
Simplicity: 4
Impact: 6
Risk Rating: 4

Misunderstandings are common when talking about cipher suites and encryption protocols. In basic terms, cipher suites determine the algorithm used to perform the encryption to ensure the communication can't be decrypted within a reasonable timeframe. For example, the RSA_WITH_RC4_128_MD5 cipher suite uses RSA for key exchange, RC4 with a 128-bit key for bulk encryption, and MD5 for message authentication. Encryption protocols, such as SSLv2, SSLv3, and TLSv1.x, define how the communication takes place between two endpoints; in this case, the web browser and the web server.

[Figure 13-15 MITM attack carried out on an HTTPS connection. Labelled steps: 2. Victim HTTPS certificate request; 3. Attacker HTTPS certificate request; 4. Trusted SSL certificate; 5. Untrusted SSL certificate; 6. Browser warning dismissed by victim]

Common flaws in web server configurations include the use of weak cipher suites, including those consisting of keys smaller than 128 bits. An attacker performing an MITM attack is able to capture the encrypted session data and then take it away to carry out a brute-force attack in an attempt to discover the key used to decrypt the communications. This might enable attackers to decrypt the encrypted session offline to reveal its contents in clear text, possibly allowing them to gather sensitive information, including authentication credentials.

Over time, security flaws have been discovered in a number of encryption protocols that allow attackers to manipulate data within the secure connection. SSLv2 was once the preferred encryption protocol; however, it has since been found to be vulnerable to attacks, such as the truncation attack, in which an attacker performs an MITM attack to truncate the SSLv2 communications without either the web browser or the web server detecting it. For instance, an authentication request to a web application could be truncated to manipulate the password, locking out the account. Of course, there are easier ways to lock out an account.

SSLv2 is also vulnerable to a downgrade attack, where an attacker is able to intercept and manipulate the SSLv2 protocol negotiations, forcing a weaker cipher suite to be selected. If the server and client both support null ciphers, then the cipher suite can be downgraded to such an extent that it transfers the data across the network in clear text. Otherwise, the weakest cipher suite can be selected, allowing this downgrade attack to make it much faster for an attacker to brute-force the decryption key.
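As an added example (not code from the book), the following Python audit parses cipher suite names in the [TLS_]<key exchange>_WITH_<bulk cipher>_<MAC> form used above and flags the configuration weaknesses this section describes: keys shorter than 128 bits that are feasible to brute-force offline, RC4 and MD5, NULL ciphers that reduce the session to clear text, and SSLv2/SSLv3 being enabled. The DEFAULT_BITS table and the naming regex are assumptions made for this example.

```python
import re

# Naming scheme used in the text: [TLS_]<key exchange>_WITH_<bulk cipher>_<MAC>
SUITE_RE = re.compile(
    r"^(?:TLS_|SSL_)?(?P<kx>.+?)_WITH_(?P<cipher>.+?)_(?P<mac>MD5|SHA|SHA256|SHA384)$")
# Key sizes for bulk ciphers whose names carry no explicit bit count (assumed table).
DEFAULT_BITS = {"NULL": 0, "DES40": 40, "DES": 56, "3DES": 112, "IDEA": 128,
                "SEED": 128, "CHACHA20": 256}
BROKEN_CIPHERS = {"RC4", "RC2", "DES", "DES40"}
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}


def parse_suite(name):
    """Split a suite name into (key exchange, cipher family, key bits, MAC)."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    tokens = m.group("cipher").split("_")
    family = tokens[0]
    digits = [t for t in tokens[1:] if t.isdigit()]   # e.g. RC4_128 -> 128
    bits = int(digits[0]) if digits else DEFAULT_BITS.get(family)
    if bits is None:
        raise ValueError(f"unknown bulk cipher {family!r} in {name}")
    return m.group("kx"), family, bits, m.group("mac")


def suite_weaknesses(name):
    """Return the reasons a suite is weak; an empty list means no finding."""
    kx, family, bits, mac = parse_suite(name)
    reasons = []
    if family == "NULL":
        reasons.append("NULL cipher: data crosses the network in clear text")
    elif family in BROKEN_CIPHERS:
        reasons.append(f"{family} is a broken or obsolete cipher")
    if 0 < bits < 128:
        reasons.append(f"{bits}-bit key is feasible to brute-force offline")
    if "EXPORT" in kx:
        reasons.append("export-grade key exchange")
    if "anon" in kx:
        reasons.append("anonymous key exchange: no server authentication")
    if mac == "MD5":
        reasons.append("MD5 message authentication")
    return reasons


def audit(protocols, suites):
    """Map each weak protocol or suite in a server configuration to its findings."""
    findings = {p: ["obsolete protocol with known downgrade and truncation attacks"]
                for p in protocols if p in WEAK_PROTOCOLS}
    for s in suites:
        reasons = suite_weaknesses(s)
        if reasons:
            findings[s] = reasons
    return findings
```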
