When configuring a web server, you notice the following Cipher Suites are available to use for TLS-based connections:
• Cipher Suite 1: TLS_ECDHE_RSA_AES_128_CBC_SHA256
• Cipher Suite 2: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Answer the following questions regarding these two cipher suites.
i. What is the key exchange (Kx) algorithm in Cipher Suite 2?
ii. What is the authentication (Au) algorithm in Cipher Suite 1?
iii. What is the key size of the symmetric cipher in Cipher Suite 1?
iv. What is the effective key size of the symmetric cipher in Cipher Suite 2?
v. What is the message integrity algorithm in Cipher Suite 2?
vi. You are working on a new web store for a client and need to assist the server administrator to configure the web server security settings. State which of these two Cipher Suites would you prefer to use in this context and suggest two reasons why.
(*Note: Please up-vote. If any doubt, please let me know in the comments)
i.
key exchange (Kx) algorithm is given in the second term so in Cipher Suite 2 it is DHE Diffie–Hellman key exchange.
ii.
the authentication (Au) algorithm in Cipher Suite 1 is RSA (Rivest Shamir Adleman algorithm) as indicated by the third term.
iii.
The key size of the symmetric cipher in cipher suite 1 is 128 bits as indicated by 128 written with AES (cipher name).
iv.
The effective key size in 3DES is 3*56 = 168 bits
v.
The message integrity algorithm in Cipher Suite 2 is SHA (Secure Hash Algorithms) as indicated by the last term.
vi.
I would choose cipher suite 1 as it is more secure, as required for a web store, due to following reasons:
1. AES used in suite 1 is more secure than 3DES in suite2
2. SHA256 used in suite 1 is more secured as compared to SHA which is vulnerable to collision attacks.
Get Answers For Free
Most questions answered within 1 hours.