Monday, February 16, 2009

Browser secrets of secure connections Page 2

In general, longer key sizes are stronger within a particular cipher. For example, a 256-bit AES key is stronger than a 128-bit AES key. However, you can't always use key size as a strength measurement between cipher families. For example, 384-bit ECC is considered stronger than 1,024-bit Diffie-Hellman. Plus, you can have a horrible cipher with a really long key size and still come out with poor protection. As a matter of fact, users should be wary of newly announced ciphers from questionable sources that claim ultralong key sizes (such as 1 million bits or more). A good cipher doesn't need an ultralong key size. If the cipher algorithm is good, smaller key sizes can be used and the cipher will remain strong.

Browser cipher order

When a browser first connects to an SSL/TLS-protected Web site, the first message of the SSL handshake carries the browser's cipher list in its preferred order, covering every cipher the browser currently supports. The client and the Web site must agree on which cipher to use before the handshake continues. With any luck, the Web site will pick the strongest cipher the client supports.

By offering the strongest cipher first, the browser increases the likelihood that a Web server will pick it, if it supports it. Using stronger cipher orders shows a browser vendor's commitment to cipher strength. Still, it is not unusual to see a browser vendor support very strong ciphers but offer weaker, more-popular ciphers first. This could potentially speed up SSL/TLS negotiations.

The browsers compared

Browsers in this review run the gamut in cipher support. Firefox (Version 3.12) offers the strongest first cipher (TLS, ECC, AES, 256-bit key), followed by Opera (Version 9.63). Firefox also has strong defaults, and 34 total ciphers to choose from.

Opera is impressive because it offers 256-bit symmetric ciphers for its first five suggestions (TLS, RSA, AES being the first). However, Opera doesn't offer ECC support at all, which means that Chrome (Version 1.0) and Internet Explorer (Version 8, Beta 2), which do offer ECC, could easily be considered tied for second in cipher support if more than the first cipher offered were considered.

Both Chrome and Internet Explorer offer TLS, RSA, AES with a 128-bit key first and with a 256-bit key second. In both cases, ECC isn't offered until fifth. Still, Safari runs away with last place with weak first offerings (TLS, RSA, RC4, 128-bit key is offered first and second), frequent MD5 offerings, and no support for ECC, AES, or 256-bit keys.
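The cipher order discussed above can be read straight out of the first handshake message a browser sends. The following is an added example, not code from the original article: it builds a minimal TLS 1.0 ClientHello record from a constructed preference list, parses the cipher suites back out in the client's order, and flags the weak algorithms the article calls out (RC4, MD5). The two sample lists are modelled on the article's descriptions of Firefox and Safari, not captured from real browsers; the suite ids are the standard IANA values.

```python
import struct

# IANA cipher suite ids used by this example (a small subset of the registry).
SUITES = {
    0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}

def build_client_hello(suites):
    """Construct a minimal TLS 1.0 ClientHello record offering `suites` in order."""
    body = b"\x03\x01" + bytes(32) + b"\x00"              # version, random, empty session id
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                                     # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

def offered_suites(record):
    """Return the cipher suite ids exactly as ordered by the client."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, client version, random
    pos += 1 + record[pos]        # skip session id
    n = struct.unpack(">H", record[pos:pos + 2])[0]
    pos += 2
    return [struct.unpack(">H", record[pos + i:pos + i + 2])[0] for i in range(0, n, 2)]

def audit(record):
    """Summarise what the client offers first and which offered suites are weak."""
    suites = offered_suites(record)
    names = [SUITES.get(s, "UNKNOWN_%04X" % s) for s in suites]
    weak = [n for n in names if any(t in n for t in ("RC4", "MD5", "3DES", "NULL", "EXPORT"))]
    return {"first": names[0], "count": len(names), "weak": weak}

# Constructed sample preference lists (not real browser captures).
FIREFOX_LIKE = build_client_hello([0xC00A, 0xC014, 0x0035, 0x002F, 0x0005])
SAFARI_LIKE = build_client_hello([0x0005, 0x0004, 0x000A])

if __name__ == "__main__":
    for label, rec in (("firefox-like", FIREFOX_LIKE), ("safari-like", SAFARI_LIKE)):
        print(label, audit(rec))
```

Run against a real ClientHello captured on the wire (for example with a packet sniffer), the same parser shows whether a client leads with strong suites or with RC4/MD5, which is the kind of check a site operator can use to decide which suites to keep enabled.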
