An Introduction to Cipher Suites

I've had a lot of questions lately about encryption. Specifically, people have been asking me about what the various cipher suites mean in terms of encryption, and what all of the different parameters in suites like ECDHE-AES-128-GCM-SHA256 actually mean with regard to what is going on.

This article is to explain as plainly as possible what cipher suites are, how they are defined, and the agreed upon strength of the various components in the security community.

First: We need to understand the components of cipher suites.

There are typically three components to a cipher suite in OpenSSL and PolarSSL (the most common free encryption libraries, outside of the ones built into Windows). You have the handshake, which is typically handled by asymmetric encryption. The handshake is required because it is needed to mask the handoff of the secret key for the next stage. This is called the Initial Value (IV).

There are three common types of handshakes used, RSA, Diffie-Hellman (DH), and Elliptic Curve Diffie-Hellman (ECDH). All three varieties of the common handshakes rely on math to make them unbreakable. So while the tried and true older algorithms (RSA and DH) are fundamentally sound, they get weaker as time goes on, and require larger keys to remain secure. The more recent ECDH handshake is believed to be both faster and stronger, but it is far more complex, and the de-facto standard curves that were made the standards were chosen by the NSA. Furthermore, attempts to reverse engineer those curves without tampering with the values have failed, indicating that there may be a security flaw in the algorithm with standard curves that could lead to weakness.

Lastly for handshakes, there are Ephemeral keys. Ephemeral keys are temporary keys that are used once and thrown away. This means that if an attacker were able to work supercomputers and unknown math techniques to actually crack a key with tremendous effort, they would only decrypt a small block of data instead of getting access to all of the data. Typical shorthand for ephemeral handshakes is adding an "E" to the end of the handshake. 

In the case of VikingVPN, the keys in OpenVPN are changed every hour, and have a 4096-bit length.

Next is the Symmetrical Cipher, this is where the actual encryption of your data takes place. There are a huge number of ciphers so I won't cover them all in this article. The most common ciphers are AES, RC4, Camellia, and now Chacha20 because Google has recently put large efforts into making it a standard cipher by adding the code to OpenSSL and doing their own research on its viability as a mass-deployed product. Each of these ciphers is complex enough to require their own multi-page article to discuss. VikingVPN uses AES-256-CBC as our chosen cipher, although we are constantly doing research into better solutions from both a performance and security perspective.

Finally is the Hash, this has a bunch of names like Integrity Checking, Tamper Proofing, Verification, or simply a Hash. It is a crucial step because the hash is a unique code that is unidirectional. Without knowing the exact data that made the unique hash, there is no way to retrieve data from just a hash code. You take a block of data, and run it through a hash function, and you get a unique code out of the other end. If you run the exact same data through the hash function, you will get the exact same code every time. If you change the hash function even slightly, it will dramatically change the output of the hash. This is how you check for tampering, the hashes must match when run through the hash function in order to verify that the data that arrived is the same data that left on the other end of the network.

There are many types of hashes, and the NIST has adopted a nomenclature of SHA, SHA1, SHA2, SHA3, etc. It is also worth noting that there are older hashing algorithms like MD5, and newer non-standard hash algorithms like Skein that are very popular.

So knowing the components of a cipher suite, we can now interpret what a cipher suite is.

It may vary by the encryption product you are using, but i'm going to use OpenSSL as an example. It begins with a handshake, the middle is the cipher for the main encryption, and the end is the hash that is being used.

So if you see DHE-AES-128-CBC-SHA1 you can then interpret the suite as using Diffie Hellman (DH), and using throwaway keys (E for ephemeral), and AES with a 128-bit cipher length in Cipher Block Chaining mode (CBC), and the integrity check is using the SHA1 hash algorithm.

A second example would be ECDHE-AES-256-GCM-SHA512 you can then interpret the suite as using Elliptic Curve Diffie Hellman (ECDH), and using throwaway keys (E for ephemeral at the end of the handshake), and AES with a 256-bit cipher length in Galois Counter Mode (GCM) and the integrity check is using the SHA2 algorithm with a 512-bit length (SHA2 is denoted by the bit length of the hashing algorithm).


< last
next >