Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:124610
Feedback-ID: ifab94697:Fastmail
User-Agent: Cyrus-JMAP/3.11.0-alpha0-582-g5a02f8850-fm-20240719.002-g5a02f885
Precedence: bulk
MIME-Version: 1.0
Message-ID: <cf0f0b2b-5df8-4b7b-bb03-a705f37d5e4a@app.fastmail.com>
In-Reply-To: <6c0baa01-68e5-4d74-bc4e-d6830ab5076d@bastelstu.be>
References: 
 <USzt7tZZlO1DmAbSTLhD-bqa23FqZn0zk2aah8Ndxgk9c7RY5PefQ8MjbYPUYAzr2_m4Cf-5AI4PuNBTS84rim_FNS6RaT-cWSv714HEvvU=@gpb.moe>
 <1a88918e-e808-d778-45e1-53797660e093@php.net>
 <CAPrKfG5Cw_nU7g7FR+t4C1-YZ8CDsDO_-sRs=yEsHO5kCTZL+A@mail.gmail.com>
 <95147d9d-d6e8-4396-bf0b-409c33679f90@bastelstu.be>
 <CAPrKfG4TijmZ_N9512_Fk9MBUNg=E6PjNTy-bCbV8CAj9_wX8A@mail.gmail.com>
 <6c0baa01-68e5-4d74-bc4e-d6830ab5076d@bastelstu.be>
Date: Fri, 26 Jul 2024 14:50:58 +0200
To: =?UTF-8?Q?Tim_D=C3=BCsterhus?= <tim@bastelstu.be>,
 "Peter Stalman" <sarkedev@gmail.com>
Cc: "Derick Rethans" <derick@php.net>,
 "PHP internals" <internals@lists.php.net>
Subject: Re: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4
Content-Type: multipart/alternative;
 boundary=96c1010f7e1e490494dac26c87562337
From: rob@bottled.codes ("Rob Landers")

--96c1010f7e1e490494dac26c87562337
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 26, 2024, at 13:58, Tim D=C3=BCsterhus wrote:
> Hi
>=20
> On 7/26/24 08:35, Peter Stalman wrote:
> > How prevalent is this exactly? PHP 4 ended support in 2008.  I think
> > putting warning labels on these things in the docs is enough, but we=
 can't
> > go around locking up every kitchen knife just because there are some=
 idiots
> > out there who read a book from the 50s about the war.
>=20
> I just Googled "PHP tutorial" and found https://www.phptutorial.net/ a=
s=20
> the second search result, which considers itself to be "the modern PHP=20
> tutorial".
>=20
> I've clicked at the CSRF section=20
> (https://www.phptutorial.net/php-tutorial/php-csrf/) and what do I fin=
d:
>=20
> > $_SESSION['token'] =3D md5(uniqid(mt_rand(), true));
>=20
> *Exactly* the md5-uniqid construction that is called out as unsafe in=20
> the RFC and used in a security context.

In regards to hashing, this is likely fine; for now. There still isn't a=
n arbitrary pre-image attack on md5 (that I'm aware of). Can you create =
a random file with a matching hash? Yes, in a few seconds, on modern har=
dware. But you cannot yet make it have arbitrary contents in our lifetim=
e. The NSA probably has something like this though, but if so, this isn'=
t widely known.

That being said, this is just randomly creating a random id without leak=
ing it's internal construction, no different than putting an md5 in a UU=
ID-v8. The real issue here is the use of uniqid() and rand(), making it =
quite likely (at scale, at least) that a session id will overlap with an=
other session id.

=E2=80=94 Rob
--96c1010f7e1e490494dac26c87562337
Content-Type: text/html;charset=utf-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html><head><title></title><style type=3D"text/css">p.Mso=
Normal,p.MsoNoSpacing{margin:0}</style></head><body><div>On Fri, Jul 26,=
 2024, at 13:58, Tim D=C3=BCsterhus wrote:<br></div><blockquote type=3D"=
cite" id=3D"qt" style=3D""><div>Hi<br></div><div><br></div><div>On 7/26/=
24 08:35, Peter Stalman wrote:<br></div><div>&gt; How prevalent is this =
exactly? PHP 4 ended support in 2008.&nbsp; I think<br></div><div>&gt; p=
utting warning labels on these things in the docs is enough, but we can'=
t<br></div><div>&gt; go around locking up every kitchen knife just becau=
se there are some idiots<br></div><div>&gt; out there who read a book fr=
om the 50s about the war.<br></div><div><br></div><div>I just Googled "P=
HP tutorial" and found&nbsp;<a href=3D"https://www.phptutorial.net/">htt=
ps://www.phptutorial.net/</a> as&nbsp;<br></div><div>the second search r=
esult, which considers itself to be "the modern PHP&nbsp;<br></div><div>=
tutorial".<br></div><div><br></div><div>I've clicked at the CSRF section=
&nbsp;<br></div><div>(<a href=3D"https://www.phptutorial.net/php-tutoria=
l/php-csrf/">https://www.phptutorial.net/php-tutorial/php-csrf/</a>) and=
 what do I find:<br></div><div><br></div><div>&gt; $_SESSION['token'] =3D=
 md5(uniqid(mt_rand(), true));<br></div><div><br></div><div>*Exactly* th=
e md5-uniqid construction that is called out as unsafe in&nbsp;<br></div=
><div>the RFC and used in a security context.<br></div></blockquote><div=
><br></div><div>In regards to hashing, this is likely fine; for now. The=
re still isn't an arbitrary pre-image attack on md5 (that I'm aware of).=
 Can you create a random file with a matching hash? Yes, in a few second=
s, on modern hardware. But you cannot yet make it have arbitrary content=
s in our lifetime. The NSA probably has something like this though, but =
if so, this isn't widely known.<br></div><div><br></div><div>That being =
said, this is just randomly creating a random id without leaking it's in=
ternal construction, no different than putting an md5 in a UUID-v8. The =
real issue here is the use of uniqid() and rand(), making it quite likel=
y (at scale, at least) that a session id will overlap with another sessi=
on id.<br></div><div><br></div><div id=3D"sig121229152">=E2=80=94 Rob<br=
></div></body></html>
--96c1010f7e1e490494dac26c87562337--