-2
  1. By visiting some websites, like bank websites, we can see for example: TLS_DHE_RSA_WITH_AES_128_CBS_SHA, 128 bits, TLS 1.0

    I would like to know:

    • What does CBC mean?
    • TLS 1.0 is an old version, is there any reason not to use the latest TLS 1.2 one?
  2. In another example: TLS_RSA_WITH_3DES_EDE_CBS_SHA, 112 bits, TLS 1.0

    • Is there any reason to still use DES rather than AES, which is better?
    • What does EDE mean?
C.K.
  • I think you have a typo - it's CBC, not CBS. – Polynomial May 18 '15 at 11:17
  • Also, for future reference, we usually request that you ask one question per post. You've stuck a lot of stuff into one place here, which is probably why someone downvoted. Take a look at our [tour page](http://security.stackexchange.com/tour) and [the help center](http://security.stackexchange.com/help) for more information on how StackExchange works. – Polynomial May 18 '15 at 11:22
  • @Polynomial: Thanks for your suggestions, but I wanted precisely to avoid creating a lot of topics with a single question in each (spam). Should I nevertheless create as many topics as I have questions? Moreover, I could have summed up all the questions into one: what does the following sentence mean? So if it's just a matter of formatting... – C.K. May 18 '15 at 12:40
  • @AlpA If you'd split it individually you'd have found that most of the questions you wanted to ask were already answered elsewhere, so you only needed to ask one or two specific ones to cover the more specific parts of your question. – Polynomial May 18 '15 at 12:42
  • @Polynomial: also there is no private messaging service on StackExchange? – C.K. May 18 '15 at 15:46
  • @AlpA No. We have [The DMZ](http://chat.stackexchange.com/rooms/151/the-dmz) for general chat, but there are no private messages. It would defeat the point of having public discussion which can be referred to later by others. – Polynomial May 18 '15 at 15:51

1 Answer

4

How exactly does the hybrid encryption RSA with AES work?

The long-term RSA keypair is used to exchange a temporary "session" key which is used to encrypt the traffic with AES. This can either be direct (i.e. generate key, encrypt with RSA public key, send to server, decrypt with RSA private key) or via a secondary key exchange mechanism (e.g. Diffie-Hellman) using the long-term RSA key for authenticity.

What do DHE and CBS mean?

DHE stands for Diffie-Hellman Ephemeral. Diffie-Hellman key exchange allows for key agreement between two parties without leaking the key even if someone's looking at the traffic. The RSA key is used (as I mentioned above) to authenticate the parameters so that they can't be tampered with in a man-in-the-middle attack. The special thing about ephemeral Diffie-Hellman is that the DH private parameters are discarded after the key exchange finishes. Ephemeral key exchange provides a useful security feature - even if you compromise the long-term RSA key at a later date, you can't go back and decrypt captured traffic.

CBC (it's not CBS) is a block cipher mode which allows multiple blocks to be safely encrypted in a block cipher (e.g. AES). It stands for Cipher Block Chaining, and essentially propagates previous ciphertext blocks through to the next plaintext block in order to prevent equal plaintext blocks generating the same ciphertext blocks (if this happened, it'd be vulnerable to a distinguishing attack).

TLS 1.0 is an old version, is there any reason not to use the latest TLS 1.2 one?

TLS 1.1 and 1.2 support is lacking in older browsers, embedded devices, and many mobile devices. TLS 1.0 should be supported everywhere by now. It is generally considered safe to support TLS 1.2 and TLS 1.0, because browsers will automatically use TLS 1.2 if it is available.

In another example: TLS_RSA_WITH_3DES_EDE_CBS_SHA, 112 bits, TLS 1.0, is there any reason to still use DES rather than AES, which is better?

DES itself is actually still a strong cipher - the main problem is that its key size is weak. 3DES performs three DES operations to extend the key size from 56-bit to 168-bit. This provides a sensible level of security, though due to its construction (we'll get into that in a minute) it's vulnerable to a type of attack called a meet-in-the-middle, which lowers its effective security level to about 112 bits, at a space tradeoff of 2^56 64-bit blocks (just under 600 petabytes).

There's no real reason to use it over AES - it's just there as an alternative for legacy support.

What does EDE mean?

In order to maintain compatibility with single-DES, 3DES has a construction called EDE (Encrypt, Decrypt, Encrypt). In full 3DES mode, the three operations are performed with three different independent keys. Due to the way that DES works, a decryption operation is very similar to an encryption operation, so it offers the same security if you use it as "encryption". If, instead of three independent and different keys, you make all three keys the same, you just get single DES. Due to the fact that 3DES-EDE is split into separate operations, you can compute all possible decryptions for the last operation and store the resulting blocks (for all possible 56-bit keys), then crack the remaining two 56-bit keys (i.e. a combined 112-bit key) until you find a result which matches one of the blocks in your storage. This is how the meet-in-the-middle attack works.


I suggest the following additional reading:

Polynomial
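
The following is an added example, not part of the original answer. It uses a toy 16-bit Feistel cipher with 8-bit keys as an assumed stand-in for DES (all names are hypothetical) to show the two EDE properties described above: three equal keys collapse to a single encryption, and storing the last-stage decryptions shrinks the key search from 2^24 trials to 2^16 trials plus 256 stored blocks, which is why 3DES is rated at about 112 bits rather than 168.

```python
import hashlib

# Toy 16-bit Feistel cipher with an 8-bit key: a stand-in for DES, NOT DES itself.
SBOX = hashlib.shake_256(b"toy-feistel-sbox").digest(256)

def enc(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ SBOX[r ^ key ^ rnd]
    return (l << 8) | r

def dec(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ SBOX[l ^ key ^ rnd], l
    return (l << 8) | r

def ede_encrypt(k1, k2, k3, block):
    """Encrypt with k1, decrypt with k2, encrypt with k3 (the EDE order)."""
    return enc(k3, dec(k2, enc(k1, block)))

def meet_in_the_middle(pairs):
    """Return (candidate keys, stored blocks, forward trials) from known pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                       # middle value -> every k3 that produces it
    for k3 in range(256):            # undo the last operation under each k3
        table.setdefault(dec(k3, c0), []).append(k3)
    stored = sum(len(v) for v in table.values())
    found, trials = [], 0
    for k1 in range(256):            # run the first two operations forward
        after_e = enc(k1, p0)
        for k2 in range(256):
            trials += 1
            for k3 in table.get(dec(k2, after_e), ()):
                # Extra known pairs weed out chance matches on the first block.
                if all(ede_encrypt(k1, k2, k3, p) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, stored, trials

# Constructed sample: a secret three-part key and three known plaintext blocks.
KEY = (0x3A, 0xC5, 0x7E)
PAIRS = [(p, ede_encrypt(*KEY, p)) for p in (0x1234, 0xBEEF, 0x0042)]

if __name__ == "__main__":
    # The same key three times collapses EDE to one encryption (compatibility).
    print(ede_encrypt(0x5B, 0x5B, 0x5B, 0x1234) == enc(0x5B, 0x1234))
    found, stored, trials = meet_in_the_middle(PAIRS)
    print(KEY in found, stored, trials, "vs exhaustive", 256 ** 3)
```

Scaling the same counts to DES key sizes gives the figures in the answer: 2^56 stored blocks and a 2^112 search instead of 2^168.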