
What are Cipher Suites Explained

So when I mention cipher suites, most people will find the nearest hole to hide in or think it's an encryption protocol. But do you really need to know what cipher suites are and how they work? Well, yes and no. You should have an overall understanding, as these ciphers protect your communication channels between servers, websites or applications. Cipher suites are not indestructible, and ciphers have been exposed to vulnerabilities.

What it is?

Cipher suites are used in the TLS and SSL protocols. They are fundamentally based upon the HMAC (Keyed-Hash Message Authentication Code, which uses a cryptographic hash function and a secret cryptographic key).

How it works?

There are many ciphers available, and it is the responsibility of the server to select a cipher to communicate with. This is accomplished during a process called handshaking: the client says “hello” to the server and sends a list of the ciphers it supports, in order of preference, and the server replies with its own “hello” containing the cipher suite it has selected.

What does it look like?

A cipher suite at first glance may look like a jumble of words, but let's break an example down:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

The first section states which protocol the cipher suite belongs to, in our case TLS.

The second section states the key exchange algorithm, ECDHE_RSA, which determines how the client and server will authenticate.

The third section states the bulk encryption algorithm, in our case AES_128_GCM. This determines how the message is encrypted, including the key size.

The last section states the hash algorithm that is used to create the cryptographic hash of each block; in our case it is SHA256.
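
The breakdown above as a small parser, added here as an example (it is not code from the original post). The `CipherSuite` and `parse_suite` names are hypothetical, and the parser goes slightly beyond the post by also accepting TLS 1.3 style names, where the key exchange is not part of the name.

```python
from typing import NamedTuple, Optional


class CipherSuite(NamedTuple):
    protocol: str                 # "TLS" or "SSL"
    key_exchange: Optional[str]   # e.g. "ECDHE_RSA"; None when the name has no _WITH_ part
    bulk_cipher: str              # e.g. "AES_128_GCM"
    key_bits: Optional[int]       # key size taken from the bulk cipher, if it states one
    hash_alg: str                 # e.g. "SHA256"


def parse_suite(name: str) -> CipherSuite:
    """Split a cipher suite name into the sections described in the article."""
    protocol, _, rest = name.partition("_")
    if protocol not in ("TLS", "SSL") or not rest:
        raise ValueError(f"not a TLS/SSL cipher suite name: {name!r}")

    if "_WITH_" in rest:
        # Classic layout: <key exchange>_WITH_<bulk cipher>_<hash>
        key_exchange, _, cipher_and_hash = rest.partition("_WITH_")
    else:
        # TLS 1.3 layout (not covered in the article): <bulk cipher>_<hash>;
        # the key exchange is negotiated separately and is not in the name.
        key_exchange, cipher_and_hash = None, rest

    bulk_cipher, _, hash_alg = cipher_and_hash.rpartition("_")
    if not bulk_cipher or not (hash_alg.startswith("SHA") or hash_alg == "MD5"):
        # Refuse to guess when the name does not end in a recognisable hash.
        raise ValueError(f"no trailing hash algorithm in: {name!r}")

    # Key size is the first all-digit token of the bulk cipher, e.g. AES_128_GCM -> 128.
    key_bits = next((int(t) for t in bulk_cipher.split("_") if t.isdigit()), None)
    return CipherSuite(protocol, key_exchange, bulk_cipher, key_bits, hash_alg)


if __name__ == "__main__":
    # Constructed sample input: the article's suite plus two other standard names.
    for suite in ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_RSA_WITH_AES_256_CBC_SHA",
                  "TLS_AES_128_GCM_SHA256"):
        print(parse_suite(suite))
```
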

What about Null Cipher suites?

Well, you may have come across Null Cipher Suites, especially when working with DirectAccess. When the word Null is mentioned, it is quickly seen as a security risk. So let's discuss a Null Cipher suite. Null Cipher suites are encrypted; however, it is seen as an ancient form of encryption which always gets flagged up on audits. The message stream is encrypted with plain text and not the random gibberish that you would expect. For example:

KamHussain, if encrypted using Null Ciphers, could look like:

Kangaroo Ant Mammoth Hyena Unicorn Seagal Seagal Alien Neptune

As you can see from above, the message is encrypted: the first letter of each word, taken on its own, makes up KamHussain.

So is this secure? Well, let's say you wouldn't want to use this unless you have a specific requirement.