View Single Post
Old 03-14-2014, 07:49 AM  
MxxCon
Super Duper
 
Join Date: Oct 2001
Location: Brooklyn, NY
Posts: 3,881
Default

It looks like there's some confusion about what all these abbreviations actually mean.
Cipher suites follow the same naming convention. I'm quoting Wikipedia here:
Quote:
Each named cipher suite defines a key exchange algorithm, a bulk encryption algorithm, a message authentication code (MAC) algorithm, and a pseudorandom function (PRF). (RFC 5246, p. 40)
  • The key exchange algorithm is used to determine if and how the client and server will authenticate during the handshake. (RFC 5246, p. 47).
  • The bulk encryption algorithm is used to encrypt the message stream. It also includes the key size and the lengths of explicit and implicit initialization vectors (cryptographic nonces). (RFC 5246, p. 17)
  • The message authentication code (MAC) algorithm is used to create the message digest, a cryptographic hash of each block of the message stream. (RFC 5246, p. 17)
  • The pseudorandom function (PRF) is used to create the master secret, a 48-byte secret shared between the two peers in the connection. The master secret is used as a source of entropy when creating session keys, such as the one used to create the MAC. (RFC 5246, p. 16-17, 26)
Examples of algorithms used
key exchange/agreement
RSA, Diffie-Hellman, ECDH, SRP, PSK
authentication
RSA, DSA, ECDSA
bulk ciphers
RC4, Triple DES, AES, IDEA, DES, or Camellia. In older versions of SSL, RC2 was also used.
message authentication
for TLS, a Hash-based Message Authentication Code using MD5 or one of the SHA hash functions is used. For SSL, SHA, MD5, MD4, and MD2 are used.
This Mozilla page has a lit of recommended preferred Cipher suites. https://wiki.mozilla.org/Security/Server_Side_TLS
__________________
[Sig removed by Administrator: Signature can not exceed 20GB]
MxxCon is offline   Reply With Quote