docs: More content updates.

northwood-labs · Dec 12, 2024 · dbc9e7f · dbc9e7f
1 parent 8369aae
commit dbc9e7f
Show file tree

Hide file tree

Showing 39 changed files with 447 additions and 161 deletions.
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
@@ -1 +0,0 @@
-

diff --git a/content/classes/_index.md b/content/classes/_index.md
@@ -5,3 +5,5 @@ layout: list
 ---
 
 ## By type
+
+A list of groups (classes) that security vulnerabilities targeting SSL/TLS fit into, by name.
diff --git a/content/learning/_index.md b/content/learning/_index.md
@@ -4,4 +4,10 @@ description: What do the results mean?
 layout: list
 ---
 
+## Overview
+
+Instead of only telling you **WHAT** is wrong with a website, we also want to educate about **WHY** something is a problem, and **HOW** you can go about fixing it.
+
+If you feel that something is missing, or we can explain something better, please [create an issue](https://github.com/northwood-labs/devsec-tools/issues) and let us know!
+
 ## How does this stuff work?
diff --git a/content/learning/http-version.md b/content/learning/http-version.md
@@ -42,6 +42,38 @@ docs:
   nginx:
     docs: "https://www.slingacademy.com/article/enable-http2-http3-nginx/"
 
+learn_more:
+  - text: 'HTTP Working Group'
+    url: https://httpwg.org
+    source: Official
+
+  - text: 'HTTP/2 vs. HTTP/1.1: How do they affect web performance?'
+    url: https://www.cloudflare.com/learning/performance/http2-vs-http1.1/
+    source: Cloudflare
+
+  - text: 'What is HTTP/3?'
+    url: https://www.cloudflare.com/learning/performance/what-is-http3/
+    source: Cloudflare
+
+  - text: 'HTTP/2'
+    url: https://en.wikipedia.org/wiki/HTTP/2
+    source: Wikipedia
+
+  - text: 'HTTP/3'
+    url: https://en.wikipedia.org/wiki/HTTP/3
+    source: Wikipedia
+
+  - text: 'Evolution of HTTP'
+    url: https://developer.mozilla.org/en-US/docs/Web/HTTP/Evolution_of_HTTP
+    source: Mozilla Developer Network
+
+  - text: 'Comparison of the usage statistics of HTTP/2 vs. HTTP/3 for websites'
+    url: https://w3techs.com/technologies/comparison/ce-http2,ce-http3
+    source: W3Techs
+
+  - text: 'HTTP/2 and HTTP/3 explained'
+    url: https://alexandrehtrb.github.io/posts/2024/03/http2-and-http3-explained/
+
 ---
 
 ## Summary
@@ -62,25 +94,6 @@ Nobody is left out, and modern software is able to take advantage of modern conn
 
     According to [w3techs.com](https://w3techs.com/technologies/comparison/ce-http2,ce-http3) (in research [cited by Mozilla](https://developer.mozilla.org/en-US/docs/Web/HTTP/Evolution_of_HTTP#http2_–_a_protocol_for_greater_performance)), approximately 37% of the top million websites support HTTP/3, and approximately 32% of **all** websites have added support.
 
-## Learn more about HTTP…
-
-* [HTTP Working Group](https://httpwg.org) (Official)
-* [HTTP/2 vs. HTTP/1.1: How do they affect web performance?](https://www.cloudflare.com/learning/performance/http2-vs-http1.1/) (Cloudflare)
-* [What is HTTP/3?](https://www.cloudflare.com/learning/performance/what-is-http3/) (Cloudflare)
-* [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) (Wikipedia)
-* [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) (Wikipedia)
-* [Evolution of HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Evolution_of_HTTP) (Mozilla Developer Network)
-* [Comparison of the usage statistics of HTTP/2 vs. HTTP/3 for websites](https://w3techs.com/technologies/comparison/ce-http2,ce-http3) (W3Techs)
-* [HTTP/2 and HTTP/3 explained](https://alexandrehtrb.github.io/posts/2024/03/http2-and-http3-explained/)
-
-## Learn more about QUIC…
-
-* [QUIC Working Group](https://quicwg.org) (Official)
-* [QUIC, a multiplexed transport over UDP](https://www.chromium.org/quic/) (Chromium)
-* [Introducing QUIC support for HTTPS load balancing](https://cloud.google.com/blog/products/gcp/introducing-quic-support-https-load-balancing) (Google Cloud Platform)
-* [The Road to QUIC](https://blog.cloudflare.com/the-road-to-quic/) (Cloudflare)
-* [QUIC](https://en.wikipedia.org/wiki/QUIC) (Wikipedia)
-
 [HTTP/1.0]: https://datatracker.ietf.org/doc/html/rfc1945
 [HTTP/1.1]: https://datatracker.ietf.org/doc/html/rfc9112
 [HTTP/2]: https://datatracker.ietf.org/doc/html/rfc9113

diff --git a/content/learning/recommended-cipher-suites.md b/content/learning/recommended-cipher-suites.md
@@ -0,0 +1,54 @@
+---
+title: Recommended cipher suites
+description: Reduce the attack surface of your website by enabling secure handshakes
+layout: learn-single
+---
+
+## Overview
+
+In {{% year %}}, there are only two configurations which are considered fully secure, and both should be offered to end-users:
+
+## TLS versions
+
+* <span class="ui-badge-success-wrap">{{% svg-check %}} TLS 1.3</span>+ <span class="ui-badge-success-wrap">{{% svg-check %}} TLS 1.2</span>
+
+* <span class="ui-badge-error-wrap">{{% svg-x %}} TLS 1.1</span>, <span class="ui-badge-error-wrap">{{% svg-x %}} TLS 1.0</span>, <span class="ui-badge-error-wrap">{{% svg-x %}} SSLv3</span>, and <span class="ui-badge-error-wrap">{{% svg-x %}} SSLv2</span>
+
+## TLS 1.3 cipher suites
+
+In order to simplify configuration and increase security, [TLS 1.3] _only defines_ three cipher suites which are meant to be non-configurable.
+
+1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_AES_128_GCM_SHA256</span>
+
+1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_AES_256_GCM_SHA384</span>
+
+1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_CHACHA20_POLY1305_SHA256</span>
+
+## TLS 1.2 cipher suites with _Forward Secrecy_
+
+### Recommended
+
+[TLS 1.2] carried-forward the habit of allowing administrators to configure which cipher suites to support, which led to _several_ security vulnerabilies being exposed during the 2010s.
+
+As a result, these are the only cipher suites with no known vulnerabilities left, and are likely to work with most server software.
+
+1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+
+1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+
+1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+
+These are equivalent to the cipher suite identifiers used in **TLS 1.3**. The only difference being that they specify the key exchange (`ECDHE`) and the authenticating signing mechanism (`ECDSA`), whereas the TLS 1.3 cipher suites do not.
+
+### Tolerable
+
+The following cipher suites are **also secure**, and you can add them **in addition to** the _Recommended_ cipher suites. However they aren't **recommended** because _RSA Authentication Signing_ with keys over 2048 bits can have a notable impact to performance.
+
+1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+
+1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+
+1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+
+[TLS 1.2]: https://datatracker.ietf.org/doc/html/rfc5246
+[TLS 1.3]: https://datatracker.ietf.org/doc/html/rfc8446
diff --git a/content/learning/tls/3des.md b/content/learning/tls/3des.md
@@ -28,12 +28,12 @@ The best way to avoid vulnerabilities is to _only_ allow TLS 1.2 (with recommend
 
 ## Information
 
-| Field        | Value                |
-|--------------|----------------------|
-| Kind         | Encryption algorithm |
-| Invented     | 1981                 |
-| Cracked      | 2016                 |
-| Related tech | [EMV]                |
+| Field        | Value              |
+|--------------|--------------------|
+| Kind         | {{% param-kind %}} |
+| Invented     | 1981               |
+| Cracked      | 2016               |
+| Related tech | [EMV]              |
 
 [EMV]: https://en.wikipedia.org/wiki/EMV
 [Triple-DES]: https://en.wikipedia.org/wiki/Triple_DES
diff --git a/content/learning/tls/_index.md b/content/learning/tls/_index.md
@@ -26,55 +26,6 @@ In [TLS Vulnerabilities]({{% relref "vulns" %}}), we list a number of known vuln
 
 Rather than continuing to allow access to older cipher suites with outdated security in order to allow older clients and web browsers to connect, the lessons from the 2010s taught us that it's the _future or bust_.
 
-In {{% year %}}, there are only two configurations which are considered fully secure, and both should be offered to end-users:
-
-## Recommended settings
-
-### TLS versions
-
-* <span class="ui-badge-success-wrap">{{% svg-check %}} TLS 1.3</span>+ <span class="ui-badge-success-wrap">{{% svg-check %}} TLS 1.2</span>.
-
-* <span class="ui-badge-error-wrap">{{% svg-x %}} TLS 1.1</span>, <span class="ui-badge-error-wrap">{{% svg-x %}} TLS 1.0</span>, <span class="ui-badge-error-wrap">{{% svg-x %}} SSLv3</span>, and <span class="ui-badge-error-wrap">{{% svg-x %}} SSLv2</span>.
-
-### TLS 1.3 cipher suites
-
-In order to simplify configuration and increase security, [TLS 1.3] has _only_ three cipher suites which are meant to be non-configurable.
-
-1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_AES_128_GCM_SHA256</span>
-
-1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_AES_256_GCM_SHA384</span>
-
-1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_CHACHA20_POLY1305_SHA256</span>
-
-### TLS 1.2 cipher suites with _Forward Secrecy_
-
-#### Recommended
-
-[TLS 1.2] carried-forward the habit of allowing administrators to configure which cipher suites to support, which led to _several_ security vulnerabilies being exposed during the 2010s.
-
-As a result, these are the only cipher suites with no known vulnerabilities left, and are likely to work with most server software.
-
-1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
-
-1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
-
-1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
-
-These are equivalent to the cipher suite identifiers used in **TLS 1.3**. The only difference being that they specify the key exchange (`ECDHE`) and the authenticating signing mechanism (`ECDSA`).
-
-#### Tolerable
-
-The following cipher suites are also **secure**, and you can add them **in addition to** the _Recommended_ cipher suites. However they aren't **recommended** because _RSA Authentication Signing_ with keys over 2048 bits can have a notable impact to performance.
-
-1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
-
-1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
-
-1. <span class="ui-badge-success-wrap">{{% svg-check %}} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
-
 ## Parts of a cipher suite
 
 If any one part of a cipher suite has an issue, it can compromise the integrity of the entire cipher suite.
-
-[TLS 1.2]: https://datatracker.ietf.org/doc/html/rfc5246
-[TLS 1.3]: https://datatracker.ietf.org/doc/html/rfc8446
diff --git a/content/learning/tls/aes.md b/content/learning/tls/aes.md
@@ -15,7 +15,7 @@ The [Advanced Encryption Standard][AES] (AES), also known as _Rijndael_, is a sy
 
 | Field        | Value                                                                                           |
 |--------------|-------------------------------------------------------------------------------------------------|
-| Kind         | Encryption algorithm                                                                            |
+| Kind         | {{% param-kind %}}                                                                              |
 | Invented     | 1998                                                                                            |
 | Cracked      | -                                                                                               |
 | Related tech | [FIPS-197], [ISO 18033-3], [FileVault 2], [Linux Crypto], [Libsodium], [VeraCrypt], [BitLocker] |

diff --git a/content/learning/tls/anon.md b/content/learning/tls/anon.md
@@ -20,8 +20,8 @@ Any cipher suite with `anon` in the name should be avoided.
 
 ## Information
 
-| Field | Value                |
-|-------|----------------------|
-| Kind  | Encryption algorithm |
+| Field | Value              |
+|-------|--------------------|
+| Kind  | {{% param-kind %}} |
 
 [MITM]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
diff --git a/content/learning/tls/aria.md b/content/learning/tls/aria.md
@@ -15,11 +15,11 @@ It is derived from [AES]({{% relref "AES" %}}), and the [source code of its refe
 
 ## Information
 
-| Field    | Value                |
-|----------|----------------------|
-| Kind     | Encryption algorithm |
-| Invented | 2003                 |
-| Cracked  | -                    |
+| Field    | Value              |
+|----------|--------------------|
+| Kind     | {{% param-kind %}} |
+| Invented | 2003               |
+| Cracked  | -                  |
 
 [ARIA]: https://en.wikipedia.org/wiki/ARIA_(cipher)
 [RFC6209]: https://datatracker.ietf.org/doc/html/rfc6209

diff --git a/content/learning/tls/camellia.md b/content/learning/tls/camellia.md
@@ -0,0 +1,53 @@
+---
+title: Camellia
+description: ✅ Secure encryption algorithm
+layout: learn-single
+
+tls_part: encryption-algo
+
+learn_more:
+  - text: 'Official English-Language Camellia Homepage'
+    url: https://info.isl.ntt.co.jp/crypt/eng/camellia/
+    source: NTT
+
+  - text: 'A Description of the Camellia Encryption Algorithm'
+    url: https://datatracker.ietf.org/doc/html/rfc3713
+    source: IETF
+
+  - text: 'Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)'
+    url: https://datatracker.ietf.org/doc/html/rfc6367
+    source: IETF
+
+  - text: 'Camellia source code'
+    url: https://embeddedsw.net/Cipher_Reference_Home.html#CAMELLIA
+
+---
+
+## Summary
+
+[Camellia] is a symmetric key block cipher developed by _Mitsubishi Electric_ and _NTT of Japan_, approved for use by [ISO/IEC][ISO 18033-3], [NESSIE], and [CRYPTREC].
+
+It is considered a modern, safe cipher with security levels comparable to [AES]({{% relref "AES" %}}). Camellia has been adopted in various security libraries, protocols, and applications, including TLS, IPsec, Kerberos, and OpenPGP.
+
+It became an international standard in [ISO 18033-3].
+
+## Information
+
+| Field        | Value                                                         |
+|--------------|---------------------------------------------------------------|
+| Kind         | {{% param-kind %}}                                            |
+| Invented     | 2000                                                          |
+| Cracked      | -                                                             |
+| Ephemeral    | _Yes_                                                         |
+| Related tech | [IPsec], [Kerberos], [PGP], [PKCS #11], [S/MIME], [VeraCrypt] |
+
+[Camellia]: https://en.wikipedia.org/wiki/Camellia_(cipher)
+[CRYPTREC]: https://en.wikipedia.org/wiki/CRYPTREC
+[IPsec]: https://en.wikipedia.org/wiki/IPsec
+[ISO 18033-3]: https://www.iso.org/standard/54531.html
+[Kerberos]: https://en.wikipedia.org/wiki/Kerberos_(protocol)
+[NESSIE]: https://en.wikipedia.org/wiki/NESSIE
+[PGP]: https://pgpkeys.org/docs/pgpfaq.html#HDPK
+[PKCS #11]: https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html
+[S/MIME]: https://datatracker.ietf.org/doc/html/rfc8551
+[VeraCrypt]: https://en.wikipedia.org/wiki/VeraCrypt
diff --git a/content/learning/tls/cbc.md b/content/learning/tls/cbc.md
@@ -7,8 +7,10 @@ tls_part: encryption-algo
 
 vulns:
   - beast
+  - goldendoodle
   - lucky-13
   - poodle
+  - zombie-poodle
 
 ---
 
@@ -20,10 +22,10 @@ Any cipher suite with `CBC` in the name should be avoided.
 
 ## Information
 
-| Field    | Value                |
-|----------|----------------------|
-| Kind     | Encryption algorithm |
-| Invented | 1976                 |
-| Cracked  | 2011                 |
+| Field    | Value              |
+|----------|--------------------|
+| Kind     | {{% param-kind %}} |
+| Invented | 1976               |
+| Cracked  | 2011               |
 
 [CBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_block_chaining_(CBC)
diff --git a/content/learning/tls/des.md b/content/learning/tls/des.md
@@ -20,12 +20,12 @@ Any cipher suite with `DES` in the name should be avoided.
 
 ## Information
 
-| Field        | Value                |
-|--------------|----------------------|
-| Kind         | Encryption algorithm |
-| Invented     | 1972                 |
-| Cracked      | 1997                 |
-| Related tech | [FIPS-46]            |
+| Field        | Value              |
+|--------------|--------------------|
+| Kind         | {{% param-kind %}} |
+| Invented     | 1972               |
+| Cracked      | 1997               |
+| Related tech | [FIPS-46]          |
 
 [cracked]: https://web.archive.org/web/20170507231657/https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html
 [DES]: https://en.wikipedia.org/wiki/Data_Encryption_Standard

diff --git a/content/learning/tls/dh.md b/content/learning/tls/dh.md
@@ -30,13 +30,13 @@ The newer [elliptic-curve][ECC] (ECDHE) key exchange algorithms are more secure
 
 ## Information
 
-| Field        | Value        |
-|--------------|--------------|
-| Kind         | Key exchange |
-| Invented     | 1976         |
-| Cracked¹     | 2015         |
-| Ephemeral    | _No_         |
-| Related tech | [PGP]        |
+| Field        | Value              |
+|--------------|--------------------|
+| Kind         | {{% param-kind %}} |
+| Invented     | 1976               |
+| Cracked¹     | 2015               |
+| Ephemeral    | _No_               |
+| Related tech | [PGP]              |
 
 ¹ While not strictly "cracked", research has shown that the hacking agencies of nation-states can afford the compute resources required to crack these types of encrypted messages — up through 1024-bit keys. 2048-bit keys are, at present, still strong enough to make cracking mathematically impossible (pre-<a href="https://en.wikipedia.org/wiki/Quantum_computing">Quantum computing</a>).
 

diff --git a/content/learning/tls/dhe.md b/content/learning/tls/dhe.md
@@ -31,13 +31,13 @@ The newer [elliptic-curve][ECC] (ECDHE) key exchange algorithms are more secure
 
 ## Information
 
-| Field        | Value        |
-|--------------|--------------|
-| Kind         | Key exchange |
-| Invented     | 1976         |
-| Cracked¹     | 2015         |
-| Ephemeral    | _Yes_        |
-| Related tech | [PGP]        |
+| Field        | Value              |
+|--------------|--------------------|
+| Kind         | {{% param-kind %}} |
+| Invented     | 1976               |
+| Cracked¹     | 2015               |
+| Ephemeral    | _Yes_              |
+| Related tech | [PGP]              |
 
 ¹ While not strictly "cracked", research has shown that the hacking agencies of nation-states can afford the compute resources required to crack these types of encrypted messages — up through 1024-bit keys. 2048-bit keys are, at present, still strong enough to make cracking mathematically impossible (pre-<a href="https://en.wikipedia.org/wiki/Quantum_computing">Quantum computing</a>).
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,3 +5,5 @@ layout: list
		---

		## By type

		A list of groups (classes) that security vulnerabilities targeting SSL/TLS fit into, by name.