Newsgroups: php.internals
Subject: Re: [PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support
From: r.korving@xit.nl ("Ron Korving")
To: internals@lists.php.net
Date: Wed, 16 Nov 2005 19:21:19 +0100
Message-ID: <75.66.07637.9497B734@pb1.pair.com>
References: <20051115221143.GA28082@hardened-php.net> <437B08C8.20804@iamjochem.com> <437B0C46.3080809@php.net>

I just read this news that an MD5 collision can now be done by anyone in 45 minutes (avg) on a P4 1.6 GHz:

http://it.slashdot.org/article.pl?sid=05/11/15/2037232&threshold=-1&tid=172&tid=93&tid=228
http://www.stachliu.com.nyud.net:8090/collisions.html

MD5 as the standard for hashing is definitely history. All the more reason for sha256- and alike-functions.

Ron

"Stefan Esser" wrote in message news:437B0C46.3080809@php.net...
> Hello,
>
> > assuming this is true then the built-in session handler is pretty
> > vulnerable right now, no?
> > one only has the choice of md5 or sha1 for the hashing mechanism of
> > the session handler's id
> > as far as I can see ... if php gets a sha256 in the core it would
> > possibly be a good thing
> > to make that available as an option for session.hash_function?
>
> I did not want to cause some "panic". MD5 and SHA1 are not completely
> broken yet. I think people usually only call a hash function completely
> broken when preimage attacks are possible. This means for a given
> start vector you can create some input to get a desired end vector. During
> the last year there have been various reports about much faster attacks
> in normal collision generation, which means the time needed to just
> try to find 2 collisions. (you never know how fast it will be possible
> in 1 year from now)
>
> The session handler on the other hand is not really vulnerable to this,
> even if there are preimage attacks. In the session handler MD5/SHA1 are
> merely used to convert a random number into some other format. Even if
> there are preimage attacks on MD5 and SHA1, the "security" of the session
> handler relies on non-guessable random numbers.
> (However, it would not be much work to use sha256 in the session
> extension as another option once it is in core)
>
> Stefan