Explain TLS_RSA_WITH_3DES_EDE_CBC_SHA reported as 112 bits.
I am no expert in this area but after some searching I am not too sure about the solution.
An external vendor doing a penetration test on our server reported that we have TLS_RSA_WITH_3DES_EDE_CBC_SHA with 112 bits enabled and reported that as a threat. I have read that such ciphers can be disabled from the Microsoft site (we are on Windows Server 2008), which is great, but after reading a bit more about what this means on a forum I see that it is a downgrade from 168 due to a vulnerability.
Extract:
I'm not a crypto-nerd but if I read this explanation correctly that particular cipher has an effective security of 112 bits but if the encryption is achieved by using 3 56 bit keys (3 X 56 = 168)
Answer:
"One might expect that 3TDEA would provide 56×3 = 168 bits of strength. However, there is an attack on 3TDEA that reduces the strength to the work that would be involved in exhausting a 112 bit key"
I can confirm that SSLLabs do in fact rate this cipher to be 112 not 168 which I presume is due to the vulnerability.
In this forum entry it is mentioned to be related to OpenSSL: "As an update, as of the June 20 snapshot of the OpenSSL codebase, the reported strength of the 3DES Cipher Suites is now 112 bits instead of 168." OK. If this is correct, then can this downgrade only apply to certificates issued with OpenSSL? I am not sure what the exact vulnerability is that causes the downgrade to 112.
Either way, what is the actual approach to disable this? Should I set the registry key (Enabled = 0x0) under the following subkeys?:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 112/112
or:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168
or both, or something else?
TLS_RSA_WITH_3DES_EDE_CBC_SHA -
You should disable all triple DES ciphers because 192 bit triple DES keys only have about 112 bits of security and 128 bit triple DES keys have even less than 112 bit security, rather around 80 bits for the best attacks. Furthermore, triple DES only has a 64 bit block size, which is detrimental to security as well. There is a difference between the key size in memory - including overhead like parity bits (192 bits), the bits used of the key (168 bits), the intended security of the key (112 bits) and the actual security given the attacks possible on the cipher (still 112 bits). The figures between parentheses are for triple DES keys (DES ABC). For double DES keys you will come to 128 bits / 112 bits / 112 bits and 80 bits.
AES 128 has an actual security of over 126 bits (128 bits encoded, 128 bits actual and 126 bits of security), so it should be strongly preferred. It's also much faster than 3DES and is widely supported, so disabling 3DES altogether should be the preferred option - unless you are certain that clients will fail. In general you should try to achieve a security of around 128 bits or over.
Notes: the strength of the symmetric cipher used in TLS has nothing to do with the certificate used; the 112 bits of security is because of a meet-in-the-middle attack which was already known when 3DES was designed, so 112 bits is the intended strength of three-key 3DES.
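One way to carry out the "disable all triple DES ciphers" advice on Windows, as an added example that is not code from the question or the answer: it writes Enabled = 0 under the SCHANNEL Ciphers subkeys named in the question and reads the result back. It assumes an elevated PowerShell session, that a reboot follows (SCHANNEL reads these keys at start-up), and that the extra key name "Triple DES 168" used by newer Windows releases is harmless to set alongside the older names.

```powershell
# Added example: disable triple DES in SCHANNEL so TLS_RSA_WITH_3DES_EDE_CBC_SHA is no
# longer offered. The HKLM: provider treats "/" in "Triple DES 168/168" as a path
# separator, so the .NET registry API is used instead of New-Item / Set-ItemProperty.

$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'

# Key names from the question plus "Triple DES 168" (assumption: the name newer
# SCHANNEL builds look for; creating a key SCHANNEL ignores does no harm).
$tripleDesKeys = @('Triple DES 168/168', 'Triple DES 112/112', 'Triple DES 168')

function Disable-SchannelCipher {
    param([string]$Name)
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    # CreateSubKey opens the key writable and creates it if it does not exist yet.
    $key = $hklm.CreateSubKey("$ciphersPath\$Name")
    try {
        # Enabled = 0 (REG_DWORD) tells SCHANNEL not to negotiate this cipher.
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

function Get-SchannelCipherState {
    param([string]$Name)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$ciphersPath\$Name")
    if ($key -eq $null) { return 'not configured (SCHANNEL default applies)' }
    try {
        $v = $key.GetValue('Enabled')
        if ($v -eq $null) { return 'key present, Enabled not set (default applies)' }
        if ($v -eq 0) { return 'disabled' }
        return ('enabled (0x{0:X8})' -f $v)
    } finally {
        $key.Close()
    }
}

foreach ($name in $tripleDesKeys) {
    Disable-SchannelCipher -Name $name
    Write-Host ('{0}: {1}' -f $name, (Get-SchannelCipherState -Name $name))
}
Write-Host 'Reboot required before SCHANNEL applies the new cipher settings.'
```

After the reboot, confirm from the outside (for example with an SSL Labs scan of the host) that no 3DES suite is still listed.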