SlideShare ist ein Scribd-Unternehmen logo

BetterCrypto: three years in..

Aaron Zauner
Aaron Zauner

https://www.troopers.de/events/troopers16/609_bettercrypto_three_years_in/ The BetterCrypto Project started out in the fall of 2013 as a collaborative community effort by systems engineers, security engineers, developers and cryptographers to build up a sound set of recommendations for strong cryptography and privacy enhancing technologies catered towards the operations community in the face of overarching wiretapping and data-mining by nation-state actors. The project has since evolved with a lot of positive feedback from the open source and operations community in general with input from various browser vendors, linux distribution security teams and researchers. This talk highlights three years of community collaboration on a 100+ page document that has been continuously evolving via mailing-list discussion and GitHub Pull-requests. We will provide a few metrics and see what kind of discussions were previsional back when we started out. We will review novel attacks against TLS and other crypto protocols as well as leaked information on classified cryptanalysis have appeared over the last three years and compare how our guide compares against them. While the project has been going on for three years, there's regularly renewed interest as soon as new attacks or publications on quantum computers show up. The upkeep and continuous improvement of the project are paramount and every person we can get to help us with their expertise is an improvement for the document. We will discuss further project development and ideas towards continuous integration and testing of the project's recommended configurations as well as new threats on online privacy to be mitigated in the future.

Technologie
1 von 48
Downloaden Sie, um offline zu lesen
BetterCrypto - three years in.. TROOPERS16, Heidelberg, DE | 2016-03-17 Aaron Zauner | @a_z_e_t | azet@azet.org TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Timeline We start at the beginning. The year is 2013. June: Snowden revelations Summer: More leaks start apprearing . . . People start talking about a Crypto-Apocalypse (OMG!) August: Aaron Kaplan and Adi Kriegisch start discussing this topic/guide September/October: Project goes public, a lot of contributions and ML discussion TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Motivation Lack of available guides for sysadmins/mgmt for ‘crypto hardening’ No up-to-date blog posts we could make use of Crypto-guides (ENISA, eCrypto II, NIST etc.) for experts, not end-users/admins TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
BetterCrypto BetterCrypto(.org) - Applied Crypto Hardening is born Clear audience: sysadmins without expert knowledge (e.g. crypto), management, decision makers,.. Clear target: explain all decisions, have open-mailing list discussion, everything FOSS, public and auditable TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
BetterCrypto (cont.) Do at least something against the Cryptocalypse Check SSL, SSH, PGP crypto settings in the most common services and certificates: – Apache, Nginx, lighthttpd – IMAP/POP servers (dovecot, cyrus, . . . ) – openssl.conf – Etc. Write down our experiences as guide Create easy, copy & paste-able settings which are “OK” (as far as we know) for sysadmins. Many eyes must check this! FOSS TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Why is this relevant for you? You run networks and services. These are targets. If you believe it or not. You produce code. Make sure it uses good crypto coding practices However good crypto is hard to achieve Crypto does not solve all problems, but it helps TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Who? Wolfgang Breyha (uni VIE), David Durvaux, Tobias Dussa (KIT-CERT), L. Aaron Kaplan (CERT.at), Christian Mock (coretec), Daniel Kovacic (A-Trust), Manuel Koschuch (FH Campus Wien), Adi Kriegisch (VRVis), Ramin Sabet (A-Trust), Aaron Zauner (azet.org), Pepi Zawodsky (maclemon.at), IAIK, A-Sit, . . . Sysadmins Engineers Devs. Cryptographers Security Engineers . . . TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Contents. About 100 pages. Rough Overview: Intro Disclaimer Methods Theory Elliptic Curve Cryptography Keylengths Random Number Generators Cipher suites – general overview & how to choose one Recommendations on practical settings Tools Links Appendix TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Methods and Principles Methods: Public review commits get discussed recommendations need references (like wikipedia) Every commit gets logged & we need your review! TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
How to contribute? https://git.bettercrypto.org (master, read-only) https://github.com/BetterCrypto/ (please clone this one & send PRs) 1 discuss the changes first on the mailinglist 2 clone 3 follow the templates 4 send pull requests 5 split the commit into many smaller commits 6 don’t be cross if something does not get accepted. 7 be ready for discussion TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
What do we provide? A common ‘CipherString’ Template configurations for a lot of different open source projects (also as textfiles) References, Crypto Background, Testing, Tools, etc,.. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
What we have so far Web server: Apache, nginx, MS IIS, lighttpd Mail: Dovecot, cyrus, Postfix, Exim DBs: Mysql, Oracle, Postgresql, DB2 VPN: OpenVPN, IPSec, Checkpoint, . . . Proxies: Squid, Pound GnuPG SSH IM servers (jabber, irc) DANE (this section is still WIP) Configuration code snippets TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
CipherString and Suite In SSL/TLS terminology; a ciphersuite combines the previously mentioned cryptographic techniques to work together and forms part of a secure (online) communication protocol Elliptic Curve Diffie-Hellman (Ephemeral - PFS) RSA AES128 Galois Counter Mode (GCM) SHA256 IANA standardized TLS parameters TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 differs between implementations (openssl, gnutls, cryptoapi etc.) and versions! TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
(Perfect) Forward Secrecy Problem: Three letter agency (TLA) records all encrypted traffic Someday TLA gains access to private-key (Brute Force, Physical Force) TLA can decrypt all recorded traffic Solution: Ephemeral session keys via Diffie Hellman (ECDHE and DHE) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Keylengths http://www.keylength.com/ Recommended Keylengths, Hashing algorithms, etc. Currently: RSA: >= 3248 bits (Ecrypt II) ECC: >= 256 SHA 2+ (SHA 256,. . . ) AES 128 is good enough TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
AES 128? Is that enough? „On the choice between AES256 and AES128: I would never consider using AES256, just l ike I don’t wear a helmet when I sit inside my car. It’s too much bother for the epsilon improvem ent in security.” — Vincent Rijmen in a personal mail exchange Dec 2013 Some theoretical attacks on AES-256 TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
CipherString and Suite What is a SSLCipherSuite? vs. SSLProtocol Example: SSLProtocol A l l −SSLv2 −SSLv3 SSLCipherSuite ‘EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+a 56:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+S :!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256- SHA:CAMELLIA128-SHA:AES128-SHA’ TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
CipherString and Suite General: Disable SSL 2.0 (weak protocol and algorithms) Disable SSL 3.0 (BEAST, POODLE) Disable RC4 cipher (RFC7465) Disable EXPORT suites (FREAK Attack) Enable TLS 1.0 or better Disable TLS-Compression (SSL-CRIME Attack) Implement HSTS (HTTP Strict Transport Security) Implement OCSP stapling (Security and performance improvement) Variant A: fewer supported clients Variant B: more clients, weaker settings TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Variant A EECDH+aRSA+AES256:EDH+aRSA+AES256:!SSLv3 Compatibility: Only clients which support TLS1.2 are covered by these cipher suites (Chrome 30, Win 7 and Win 8.1, Opera 17, OpenSSL >= 1.0.1e, Safari 6/iOS 5, Safari 7/OS X 10.9) Excellent for controlled environments, like intranet. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Variant B weaker ciphers, broad client support TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Example Apache Selecting cipher suites: Additionally mod_rewrite: TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Testing TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Tools: openssl s_client openssl s_client -showcerts –connect git.bettercrypto.org:443 TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Tools: sslscan TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Tools: ssllabs.com TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Tools: ssllabs.com (2) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Tools: ssllabs.com (3) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Tools: SSLyze SSLyze is a “Fast and full-featured SSL scanner” A tool to test internally which cipher strings are supported. The tool offers these features (amongst others): get a list of targets (ip:port) from a file XML output heartbleed test OCSP stapling test SSLv2-TLS1.2 testing finding preferred and supported cipher strings STARTTLS testing (IMAP, pop, . . . ) XMPP testing SNI support HSTS testing TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Tools: SSLyze (1) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Tools: SSLyze (2) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Mitigated Attacks We’ve mitigated some high-profile TLS/SSL vulernabilities in the past years if you’ve deployed our guide. So far users have been pleased. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Mitigated Attacks: CRIME Requires TLS compression to perform attack. From the very beginning we’ve always turned off TLS or application level compression (BREACH e.g. is a very similar attack on HTTP compression). TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Mitigated Attacks: POODLE Required SSLv3 (“TLS-POODLE” is specific to a certain unfamous vendor). We explicitly forbid SSLv3 - this kills the POODLE ;) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Mitigated Attacks: Logjam MITM Attack which requires 512, 768bit Diffie-Hellman to decrypt We’ve always recommended and, if possible, tried to supply a guide how to use DH params with >= 1024 bits This was a discussion we had very early on in the project and a lot of contributors did their research well Some opened tickets, commited etc. - upstream TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Mitigated Attacks: FREAK Requires EXPORT (low-security, early-90ties US ammunition export law) ciphers. We explicitly exclude EXPORT ciphers, problem solved. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Mitigated Attacks: DROWN Cross-“protocol” (version) attack that requires SSLv2. We’ve always recommended against enabling (completely insecure) SSLv2 in all configurations! Mail server daemon distributors used to recommend v2 - that’s now gone as well. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Implementation specific attacks We can’t do a lot against implementation specific attacks there have been quite a lot in the past years (OpenSSL, Apple, Microsoft, $APPLIANCEVENDOR,..) we try to provide a config guide, we’re not auditors (up to sec. ngineers like you! ;)) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Project statistics 45 Contributors (git only) - ML as well (commited by others) 1501 commits Mostly LateX (a lot of overhead) - no line count stats. More than 1200 msgs to the mailing list TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Project statistics (cont.) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Project statistics (cont.) Always new posts to ML if new attacks appear Improvements to the document regularly on GitHub (e.g. Mail, Jabber section) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Discussion - PostQuantum some experts believe that a real quantum computer (not D-Wave) is only 10-50 years away new ‘post-quantum crypto schemes’ - no standard yet, we can’t use them, almost no implementations we currently have no plans to add anything in this direction, but might in the future TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Discussion - ECC djb et al: SafeCurves - are NIST/NSA curves trustable? parameters chosen by NSA, might contain backdoor? a lot of discussion in the project, we prefered DHE over ECDHE because of uncertainty in 2013 Nowadays opinion by experts: common implementations are “hardened” and work well (see also: https://eprint.iacr.org/2015/1018.pdf) IETF will standardize new non-NIST curves in the near future, implementations will follow as will we. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Future We need continued input by (domain) experts. If you know a service, appliance or math well - talk to us, review,.. This project is still active and needs a bit of upkeep by the community, if you like it, please help out TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Future - testing? What about automatically testing our configuration recommendations against different distributions, server daemon versions, TLS stacks et cetera? What about automatically deploying them as well? Jenkins Packer Vagrant Puppet/Chef/Ansible/CfEngine/.. . . . TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Future - testing? We’d like to provide a nice JavaScript-y webinterface for choosing your daemon version and getting a proper, up to date, secure configuration for it on the website. There has been interest in the past, but no one working on it currently. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Status Quo Distro and Package security w.r.t. Crypto settings has improved sigificantly over the past years Distribution security teams now work on similar issues, as do other secuity teams (e.g. browser vendors) There’s a lot to do and tons of legacy systems with really bad configurations (see ongoing scanning research by various parties) IETF works on a lot of protocol and crypto security related improvements - time to market? ;) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Status Quo (cont.) Most sysadmins are still largely unfamiliar with the topic and follow stackexchange, (some-times wrong, unreviewed) blogposts etc. We do have quite a few sections and recommendations that need regular checking, love, testing and contribution The more people audit, discuss and review, the better the project becomes (if not spammed by crypto-tinfoils) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
Questions? Website: https://www.bettercrypto.org Master (read-only) Git repo: https://git.bettercrypto.org Public github repo for PRs: https://github.com/BetterCrypto/ Applied-Crypto-Hardening Mailing list: http://lists.cert.at/cgi-bin/mailman/listinfo/ach IRC: #bettercrypto on freenode Twitter: @bettercrypto TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..

Empfohlen

[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...
[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...
[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...Aaron Zauner
 
Javascript Object Signing & Encryption
Javascript Object Signing & EncryptionJavascript Object Signing & Encryption
Javascript Object Signing & EncryptionAaron Zauner
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerHolger Winkelmann
 
Beautiful Bash: Let's make reading and writing bash scripts fun again!
Beautiful Bash: Let's make reading and writing bash scripts fun again!Beautiful Bash: Let's make reading and writing bash scripts fun again!
Beautiful Bash: Let's make reading and writing bash scripts fun again!Aaron Zauner
 
Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...
Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...
Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...Aaron Zauner
 
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...Aaron Zauner
 
State of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at LargeState of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at LargeAaron Zauner
 
Introduction to and survey of TLS security (BsidesHH 2014)
Introduction to and survey of TLS security (BsidesHH 2014)Introduction to and survey of TLS security (BsidesHH 2014)
Introduction to and survey of TLS security (BsidesHH 2014)Aaron Zauner
 

Empfohlen

[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...
[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...
[BlackHat USA 2016] Nonce-Disrespecting Adversaries: Practical Forgery Attack...Aaron Zauner
 
Javascript Object Signing & Encryption
Javascript Object Signing & EncryptionJavascript Object Signing & Encryption
Javascript Object Signing & EncryptionAaron Zauner
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerHolger Winkelmann
 
Beautiful Bash: Let's make reading and writing bash scripts fun again!
Beautiful Bash: Let's make reading and writing bash scripts fun again!Beautiful Bash: Let's make reading and writing bash scripts fun again!
Beautiful Bash: Let's make reading and writing bash scripts fun again!Aaron Zauner
 
Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...
Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...
Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...Aaron Zauner
 
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...
No need for Black Chambers: Testing TLS in the E-Mail Ecosystem at Large (hac...Aaron Zauner
 
State of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at LargeState of Transport Security in the E-Mail Ecosystem at Large
State of Transport Security in the E-Mail Ecosystem at LargeAaron Zauner
 
Introduction to and survey of TLS security (BsidesHH 2014)
Introduction to and survey of TLS security (BsidesHH 2014)Introduction to and survey of TLS security (BsidesHH 2014)
Introduction to and survey of TLS security (BsidesHH 2014)Aaron Zauner
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS SecurityAaron Zauner
 
[IETF Part] BetterCrypto Workshop @ Hack.lu 2014
[IETF Part] BetterCrypto Workshop @ Hack.lu 2014[IETF Part] BetterCrypto Workshop @ Hack.lu 2014
[IETF Part] BetterCrypto Workshop @ Hack.lu 2014Aaron Zauner
 
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014 [Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014 Aaron Zauner
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS SecurityAaron Zauner
 
BetterCrypto: Applied Crypto Hardening
BetterCrypto: Applied Crypto HardeningBetterCrypto: Applied Crypto Hardening
BetterCrypto: Applied Crypto HardeningAaron Zauner
 
How to save the environment
How to save the environmentHow to save the environment
How to save the environmentAaron Zauner
 
Sc12 workshop-writeup
Sc12 workshop-writeupSc12 workshop-writeup
Sc12 workshop-writeupAaron Zauner
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Weitere ähnliche Inhalte

Mehr von Aaron Zauner

Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS SecurityAaron Zauner
 
[IETF Part] BetterCrypto Workshop @ Hack.lu 2014
[IETF Part] BetterCrypto Workshop @ Hack.lu 2014[IETF Part] BetterCrypto Workshop @ Hack.lu 2014
[IETF Part] BetterCrypto Workshop @ Hack.lu 2014Aaron Zauner
 
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014 [Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014 Aaron Zauner
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS SecurityAaron Zauner
 
BetterCrypto: Applied Crypto Hardening
BetterCrypto: Applied Crypto HardeningBetterCrypto: Applied Crypto Hardening
BetterCrypto: Applied Crypto HardeningAaron Zauner
 
How to save the environment
How to save the environmentHow to save the environment
How to save the environmentAaron Zauner
 
Sc12 workshop-writeup
Sc12 workshop-writeupSc12 workshop-writeup
Sc12 workshop-writeupAaron Zauner
 

Mehr von Aaron Zauner (7)

Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS Security
 
[IETF Part] BetterCrypto Workshop @ Hack.lu 2014
[IETF Part] BetterCrypto Workshop @ Hack.lu 2014[IETF Part] BetterCrypto Workshop @ Hack.lu 2014
[IETF Part] BetterCrypto Workshop @ Hack.lu 2014
 
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014 [Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
[Attacks Part] BetterCrypto Workshop @ Hack.lu 2014
 
Introduction to and survey of TLS Security
Introduction to and survey of TLS SecurityIntroduction to and survey of TLS Security
Introduction to and survey of TLS Security
 
BetterCrypto: Applied Crypto Hardening
BetterCrypto: Applied Crypto HardeningBetterCrypto: Applied Crypto Hardening
BetterCrypto: Applied Crypto Hardening
 
How to save the environment
How to save the environmentHow to save the environment
How to save the environment
 
Sc12 workshop-writeup
Sc12 workshop-writeupSc12 workshop-writeup
Sc12 workshop-writeup
 

Kürzlich hochgeladen

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 

BetterCrypto: three years in..

  • 1. BetterCrypto - three years in.. TROOPERS16, Heidelberg, DE | 2016-03-17 Aaron Zauner | @a_z_e_t | azet@azet.org TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 2. Timeline We start at the beginning. The year is 2013. June: Snowden revelations Summer: More leaks start apprearing . . . People start talking about a Crypto-Apocalypse (OMG!) August: Aaron Kaplan and Adi Kriegisch start discussing this topic/guide September/October: Project goes public, a lot of contributions and ML discussion TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 3. Motivation Lack of available guides for sysadmins/mgmt for ‘crypto hardening’ No up-to-date blog posts we could make use of Crypto-guides (ENISA, eCrypto II, NIST etc.) for experts, not end-users/admins TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 4. BetterCrypto BetterCrypto(.org) - Applied Crypto Hardening is born Clear audience: sysadmins without expert knowledge (e.g. crypto), management, decision makers,.. Clear target: explain all decisions, have open-mailing list discussion, everything FOSS, public and auditable TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 5. BetterCrypto (cont.) Do at least something against the Cryptocalypse Check SSL, SSH, PGP crypto settings in the most common services and certificates: – Apache, Nginx, lighthttpd – IMAP/POP servers (dovecot, cyrus, . . . ) – openssl.conf – Etc. Write down our experiences as guide Create easy, copy & paste-able settings which are “OK” (as far as we know) for sysadmins. Many eyes must check this! FOSS TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 6. Why is this relevant for you? You run networks and services. These are targets. If you believe it or not. You produce code. Make sure it uses good crypto coding practices However good crypto is hard to achieve Crypto does not solve all problems, but it helps TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 7. Who? Wolfgang Breyha (uni VIE), David Durvaux, Tobias Dussa (KIT-CERT), L. Aaron Kaplan (CERT.at), Christian Mock (coretec), Daniel Kovacic (A-Trust), Manuel Koschuch (FH Campus Wien), Adi Kriegisch (VRVis), Ramin Sabet (A-Trust), Aaron Zauner (azet.org), Pepi Zawodsky (maclemon.at), IAIK, A-Sit, . . . Sysadmins Engineers Devs. Cryptographers Security Engineers . . . TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 8. Contents. About 100 pages. Rough Overview: Intro Disclaimer Methods Theory Elliptic Curve Cryptography Keylengths Random Number Generators Cipher suites – general overview & how to choose one Recommendations on practical settings Tools Links Appendix TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 9. Methods and Principles Methods: Public review commits get discussed recommendations need references (like wikipedia) Every commit gets logged & we need your review! TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 10. How to contribute? https://git.bettercrypto.org (master, read-only) https://github.com/BetterCrypto/ (please clone this one & send PRs) 1 discuss the changes first on the mailinglist 2 clone 3 follow the templates 4 send pull requests 5 split the commit into many smaller commits 6 don’t be cross if something does not get accepted. 7 be ready for discussion TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 11. What do we provide? A common ‘CipherString’ Template configurations for a lot of different open source projects (also as textfiles) References, Crypto Background, Testing, Tools, etc,.. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 12. What we have so far Web server: Apache, nginx, MS IIS, lighttpd Mail: Dovecot, cyrus, Postfix, Exim DBs: Mysql, Oracle, Postgresql, DB2 VPN: OpenVPN, IPSec, Checkpoint, . . . Proxies: Squid, Pound GnuPG SSH IM servers (jabber, irc) DANE (this section is still WIP) Configuration code snippets TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 13. CipherString and Suite In SSL/TLS terminology; a ciphersuite combines the previously mentioned cryptographic techniques to work together and forms part of a secure (online) communication protocol Elliptic Curve Diffie-Hellman (Ephemeral - PFS) RSA AES128 Galois Counter Mode (GCM) SHA256 IANA standardized TLS parameters TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 differs between implementations (openssl, gnutls, cryptoapi etc.) and versions! TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 14. (Perfect) Forward Secrecy Problem: Three letter agency (TLA) records all encrypted traffic Someday TLA gains access to private-key (Brute Force, Physical Force) TLA can decrypt all recorded traffic Solution: Ephemeral session keys via Diffie Hellman (ECDHE and DHE) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 15. Keylengths http://www.keylength.com/ Recommended Keylengths, Hashing algorithms, etc. Currently: RSA: >= 3248 bits (Ecrypt II) ECC: >= 256 SHA 2+ (SHA 256,. . . ) AES 128 is good enough TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 16. AES 128? Is that enough? „On the choice between AES256 and AES128: I would never consider using AES256, just l ike I don’t wear a helmet when I sit inside my car. It’s too much bother for the epsilon improvem ent in security.” — Vincent Rijmen in a personal mail exchange Dec 2013 Some theoretical attacks on AES-256 TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 17. CipherString and Suite What is a SSLCipherSuite? vs. SSLProtocol Example: SSLProtocol A l l −SSLv2 −SSLv3 SSLCipherSuite ‘EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+a 56:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+S :!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256- SHA:CAMELLIA128-SHA:AES128-SHA’ TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 18. CipherString and Suite General: Disable SSL 2.0 (weak protocol and algorithms) Disable SSL 3.0 (BEAST, POODLE) Disable RC4 cipher (RFC7465) Disable EXPORT suites (FREAK Attack) Enable TLS 1.0 or better Disable TLS-Compression (SSL-CRIME Attack) Implement HSTS (HTTP Strict Transport Security) Implement OCSP stapling (Security and performance improvement) Variant A: fewer supported clients Variant B: more clients, weaker settings TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 19. Variant A EECDH+aRSA+AES256:EDH+aRSA+AES256:!SSLv3 Compatibility: Only clients which support TLS1.2 are covered by these cipher suites (Chrome 30, Win 7 and Win 8.1, Opera 17, OpenSSL >= 1.0.1e, Safari 6/iOS 5, Safari 7/OS X 10.9) Excellent for controlled environments, like intranet. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 20. Variant B weaker ciphers, broad client support TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 21. Example Apache Selecting cipher suites: Additionally mod_rewrite: TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 22. Testing TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 23. Tools: openssl s_client openssl s_client -showcerts –connect git.bettercrypto.org:443 TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 24. Tools: sslscan TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 25. Tools: ssllabs.com TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 26. Tools: ssllabs.com (2) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 27. Tools: ssllabs.com (3) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 28. Tools: SSLyze SSLyze is a “Fast and full-featured SSL scanner” A tool to test internally which cipher strings are supported. The tool offers these features (amongst others): get a list of targets (ip:port) from a file XML output heartbleed test OCSP stapling test SSLv2-TLS1.2 testing finding preferred and supported cipher strings STARTTLS testing (IMAP, pop, . . . ) XMPP testing SNI support HSTS testing TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 29. Tools: SSLyze (1) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 30. Tools: SSLyze (2) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 31. Mitigated Attacks We’ve mitigated some high-profile TLS/SSL vulernabilities in the past years if you’ve deployed our guide. So far users have been pleased. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 32. Mitigated Attacks: CRIME Requires TLS compression to perform attack. From the very beginning we’ve always turned off TLS or application level compression (BREACH e.g. is a very similar attack on HTTP compression). TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 33. Mitigated Attacks: POODLE Required SSLv3 (“TLS-POODLE” is specific to a certain unfamous vendor). We explicitly forbid SSLv3 - this kills the POODLE ;) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 34. Mitigated Attacks: Logjam MITM Attack which requires 512, 768bit Diffie-Hellman to decrypt We’ve always recommended and, if possible, tried to supply a guide how to use DH params with >= 1024 bits This was a discussion we had very early on in the project and a lot of contributors did their research well Some opened tickets, commited etc. - upstream TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 35. Mitigated Attacks: FREAK Requires EXPORT (low-security, early-90ties US ammunition export law) ciphers. We explicitly exclude EXPORT ciphers, problem solved. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 36. Mitigated Attacks: DROWN Cross-“protocol” (version) attack that requires SSLv2. We’ve always recommended against enabling (completely insecure) SSLv2 in all configurations! Mail server daemon distributors used to recommend v2 - that’s now gone as well. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 37. Implementation specific attacks We can’t do a lot against implementation specific attacks there have been quite a lot in the past years (OpenSSL, Apple, Microsoft, $APPLIANCEVENDOR,..) we try to provide a config guide, we’re not auditors (up to sec. ngineers like you! ;)) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 38. Project statistics 45 Contributors (git only) - ML as well (commited by others) 1501 commits Mostly LateX (a lot of overhead) - no line count stats. More than 1200 msgs to the mailing list TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 39. Project statistics (cont.) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 40. Project statistics (cont.) Always new posts to ML if new attacks appear Improvements to the document regularly on GitHub (e.g. Mail, Jabber section) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 41. Discussion - PostQuantum some experts believe that a real quantum computer (not D-Wave) is only 10-50 years away new ‘post-quantum crypto schemes’ - no standard yet, we can’t use them, almost no implementations we currently have no plans to add anything in this direction, but might in the future TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 42. Discussion - ECC djb et al: SafeCurves - are NIST/NSA curves trustable? parameters chosen by NSA, might contain backdoor? a lot of discussion in the project, we prefered DHE over ECDHE because of uncertainty in 2013 Nowadays opinion by experts: common implementations are “hardened” and work well (see also: https://eprint.iacr.org/2015/1018.pdf) IETF will standardize new non-NIST curves in the near future, implementations will follow as will we. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 43. Future We need continued input by (domain) experts. If you know a service, appliance or math well - talk to us, review,.. This project is still active and needs a bit of upkeep by the community, if you like it, please help out TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 44. Future - testing? What about automatically testing our configuration recommendations against different distributions, server daemon versions, TLS stacks et cetera? What about automatically deploying them as well? Jenkins Packer Vagrant Puppet/Chef/Ansible/CfEngine/.. . . . TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 45. Future - testing? We’d like to provide a nice JavaScript-y webinterface for choosing your daemon version and getting a proper, up to date, secure configuration for it on the website. There has been interest in the past, but no one working on it currently. TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 46. Status Quo Distro and Package security w.r.t. Crypto settings has improved sigificantly over the past years Distribution security teams now work on similar issues, as do other secuity teams (e.g. browser vendors) There’s a lot to do and tons of legacy systems with really bad configurations (see ongoing scanning research by various parties) IETF works on a lot of protocol and crypto security related improvements - time to market? ;) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 47. Status Quo (cont.) Most sysadmins are still largely unfamiliar with the topic and follow stackexchange, (some-times wrong, unreviewed) blogposts etc. We do have quite a few sections and recommendations that need regular checking, love, testing and contribution The more people audit, discuss and review, the better the project becomes (if not spammed by crypto-tinfoils) TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..
  • 48. Questions? Website: https://www.bettercrypto.org Master (read-only) Git repo: https://git.bettercrypto.org Public github repo for PRs: https://github.com/BetterCrypto/ Applied-Crypto-Hardening Mailing list: http://lists.cert.at/cgi-bin/mailman/listinfo/ach IRC: #bettercrypto on freenode Twitter: @bettercrypto TROOPERS16, Heidelberg, DE | 2016-03-17 BetterCrypto - three years in..