· 2 min read
TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA Cipher Suite
A breakdown of the Cipher Suite TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, its strengths, and its weaknesses.
Key Exchange Mechanism
Rivest, Shamir, Adleman - RSA
Grade - B
RSA key exchange does not provide perfect forward secrecy because if an attacker captures the RSA private key, they can decrypt all past communications encrypted with the corresponding public key. This is due to the static nature of the key pairs used in RSA, which contrasts with protocols like Diffie-Hellman, where ephemeral keys ensure that past sessions remain secure even if current keys are compromised.
Authentication
Rivest, Shamir, Adleman - RSA
Grade - A
RSA as an authentication mechanism in cipher suites is secure because it relies on the difficulty of factoring large prime numbers. This makes it computationally infeasible for attackers to derive the private key from the public key, ensuring confidentiality and integrity in secure communications.
Hash
Secure Hash Algorithm - SHA
Grade - D
Chosen prefix attacks for SHA1 are feasible at an accessible cost to a well-funded adversary. This level of expense, while significant, does not pose a substantial barrier to attackers with sufficient resources, making such attacks a credible threat.
Cipher Mode
Cipher Block Chaining - CBC
Grade - D
Cipher Block Chaining (CBC) mode is vulnerable to the Lucky13 and POODLE (in TLS v1.2 and below) attacks. The Lucky13 attack exploits timing discrepancies in padding validation, allowing attackers to gradually reveal plaintext. The POODLE attack leverages padding errors to decrypt ciphertext by repeatedly modifying and sending it to the server, observing the error responses. These vulnerabilities arise from CBC’s handling of padding and error messages, making it less secure than modern encryption modes like Galois Counter Mode (GCM), which offer stronger integrity and confidentiality guarantees.