cryption with 40-bit keys; Cipher Block Chaining, and the Secure Hash Algorithm
checksum.
By default, the JDK 1.7 implementation enables all the encrypted authenticated suites (the first 28 members of this list). If you want nonauthenticated transactions or authenticated but unencrypted transactions, you must enable those suites explicitly with the setEnabledCipherSuites() method. You should probably avoid any of these suites that contain NULL, ANON, or EXPORT in their names unless you want the NSA to read your messages.
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is believed to be reasonably secure against all known attacks. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA256 is even better if you've enabled it. In general, any suite that begins with TLS_ECDHE and ends with SHA256 or SHA384 is the strongest possible encryption widely available today. Most others are subject to attacks of varying levels of severity.
Besides key lengths, there's an important difference between DES/AES and RC4-based
ciphers. DES and AES are block ciphers (i.e., they encrypt a certain number of bits at a
time). DES always encrypts 64 bits. If 64 bits aren't available, the encoder has to pad the
input with extra bits. AES can encrypt blocks of 128, 192, or 256 bits, but still has to pad
the input if it doesn't come out to an even multiple of the block size. This isn't a problem
for file transfer applications such as secure HTTP and FTP, where more or less all the
data is available at once. However, it's problematic for user-centered protocols such as
chat and Telnet. RC4 is a stream cipher that can encrypt one byte at a time and is more
appropriate for protocols that may need to send a single byte at a time.
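The padding behaviour described above is easy to observe with the JCE itself. The following program is an added example, not code from the book: it encrypts a one-byte message and a twenty-byte message first with AES in CBC mode with PKCS#5 padding (the mode used by the TLS_..._CBC_... suites), then with AES in CTR mode, which behaves like a stream cipher and so stands in for RC4 here because RC4 is deprecated in current JDKs. The key and IV are generated locally; the sample messages are constructed for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class BlockVsStreamDemo {

    // Encrypt plaintext under the given transformation and return the ciphertext length.
    // A fresh random IV is drawn per call; a real protocol sends the IV with the ciphertext.
    static int encryptedLength(String transformation, SecretKey key, byte[] plaintext)
            throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        // Cipher.getBlockSize() reports 16 bytes for AES whatever the key length is.
        byte[] iv = new byte[cipher.getBlockSize()];
        new SecureRandom().nextBytes(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return cipher.doFinal(plaintext).length;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Constructed input: a single keystroke, as a chat or Telnet client would send.
        byte[] oneByte = "x".getBytes(StandardCharsets.US_ASCII);
        // Constructed input: 20 bytes, deliberately not a multiple of the 16-byte block.
        byte[] twentyBytes = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);

        // Block cipher with padding: output is always rounded up to whole 16-byte blocks,
        // and PKCS#5 adds a full block when the input already fills the last block.
        System.out.println("AES/CBC/PKCS5Padding, 1 byte  -> "
                + encryptedLength("AES/CBC/PKCS5Padding", key, oneByte) + " bytes");
        System.out.println("AES/CBC/PKCS5Padding, 20 bytes -> "
                + encryptedLength("AES/CBC/PKCS5Padding", key, twentyBytes) + " bytes");

        // Stream-style mode: ciphertext is exactly as long as the plaintext, so a single
        // byte can be sent as soon as it is typed.
        System.out.println("AES/CTR/NoPadding,    1 byte  -> "
                + encryptedLength("AES/CTR/NoPadding", key, oneByte) + " bytes");
        System.out.println("AES/CTR/NoPadding,    20 bytes -> "
                + encryptedLength("AES/CTR/NoPadding", key, twentyBytes) + " bytes");
    }
}
```

Running it shows 16 and 32 bytes for the two CBC cases and 1 and 20 bytes for CTR. The extra CBC bytes are the padding the text describes; an interactive protocol built on a padded block mode must either buffer keystrokes until a block is full or pay a full block of overhead per byte.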
For example, let's suppose that Edgar has some fairly powerful parallel computers at his disposal and can quickly break any encryption that's 64 bits or less and that Gus and Angela know this. Furthermore, they suspect that Edgar can blackmail one of their ISPs or the phone company into letting him tap the line, so they want to avoid anonymous connections that are vulnerable to man-in-the-middle attacks. To be safe, Gus and Angela decide to use only the strongest suite available, which happens to be TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256. This code fragment limits their connection to that one suite:
String[] strongSuites = { "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" };
socket.setEnabledCipherSuites(strongSuites);
If the other side of the connection doesn't support this encryption protocol, the socket
will throw an exception when they try to read from or write to it, thus ensuring that no
confidential information is accidentally transmitted over a weak channel.
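Hard-coding a single suite name, as the fragment above does, fails with an IllegalArgumentException on any JDK that does not support that exact name. The following program is an added example, not the book's code: it applies the text's naming rule (begins with TLS_ECDHE, ends with SHA256 or SHA384, never NULL, ANON, or EXPORT) to the suites the running JDK actually supports, enables only those, and verifies the result. As an extension beyond the text, it also allows the TLS 1.3 suites that JDK 11 and later name TLS_AES_... and TLS_CHACHA20_..., since those do not match the rule and excluding them would silently disable TLS 1.3. The socket is created unconnected so the configuration can be inspected offline.

```java
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

public class StrongSuites {

    // The text's rule: keep suites that begin with TLS_ECDHE and end with SHA256 or SHA384,
    // and reject anything whose name contains NULL, ANON, or EXPORT.
    static boolean isStrongByTextRule(String suite) {
        if (suite.contains("NULL") || suite.contains("ANON") || suite.contains("EXPORT")) {
            return false;
        }
        return suite.startsWith("TLS_ECDHE")
                && (suite.endsWith("SHA256") || suite.endsWith("SHA384"));
    }

    // Extension beyond the text: TLS 1.3 suites use a different naming scheme.
    static boolean isTls13(String suite) {
        return suite.startsWith("TLS_AES_") || suite.startsWith("TLS_CHACHA20_");
    }

    // Restrict the socket to qualifying suites that this JDK supports and return the
    // enabled list. Fails loudly if nothing qualifies instead of leaving the defaults.
    static String[] restrictToStrongSuites(SSLSocket socket) {
        List<String> chosen = new ArrayList<>();
        for (String suite : socket.getSupportedCipherSuites()) {
            if (isStrongByTextRule(suite) || isTls13(suite)) {
                chosen.add(suite);
            }
        }
        if (chosen.isEmpty()) {
            throw new IllegalStateException("no strong cipher suites supported by this JDK");
        }
        // Every name here came from getSupportedCipherSuites(), so this call cannot throw
        // IllegalArgumentException the way a hard-coded, unsupported name would.
        socket.setEnabledCipherSuites(chosen.toArray(new String[0]));
        return socket.getEnabledCipherSuites();
    }

    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // createSocket() with no arguments returns an unconnected SSLSocket.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            System.out.println("Enabled before: " + socket.getEnabledCipherSuites().length);
            String[] enabled = restrictToStrongSuites(socket);
            System.out.println("Enabled after:  " + enabled.length);
            for (String s : enabled) {
                System.out.println("  " + s);
                // Check that nothing outside the allowed set survived.
                if (!(isStrongByTextRule(s) || isTls13(s))) {
                    throw new AssertionError("unexpected suite enabled: " + s);
                }
            }
        }
    }
}
```

Call restrictToStrongSuites() before connecting or before the first read or write; once the handshake has run, the enabled list no longer affects that connection. If the peer offers none of the enabled suites, the handshake fails with an SSLHandshakeException on the first I/O call, which is the behaviour the text relies on to keep confidential data off a weak channel.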