Newsgroups: php.internals
Subject: Re: [PHP-DEV] openssl_(en|de)crypt missing IV
From: datibbaw@php.net (Tjerk Anne Meesters)
To: Davey Shafik
Cc: Sara Golemon, internals@lists.php.net
Date: Tue, 18 May 2010 10:47:56 +0800

On Tue, May 18, 2010 at 10:19 AM, Davey Shafik wrote:
> The least disruptive change would be to have it as the last arg, and default to the current all-null value.
>
> Perhaps you could do this and add a warning akin to the date.timezone one if none is passed?
>
> Having said that, I don't think the disruption would be too bad; I haven't seen much use of the openssl stuff in the wild. It's pretty much pointless anyways, everybody knows you can decrypt anything with a modem coupler and any 15-year-old kid...

I don't think this warrants a notice/warning in existing code; for those who are concerned about this, a simple release note stating that a fifth parameter has been added to openssl_encrypt should suffice IMO.

That said, having a "truly" random and big enough IV (OTP) should keep hackers away for some time.

There are also alternatives that already accept an IV in their encrypt() methods; mcrypt comes to mind ;-)

> Another option is an openssl_set_iv($iv) method that would set it up for openssl_encrypt/decrypt to use; otherwise use the current all-null option....
>
> This has the added benefit of being as global as you like, and no need to keep passing the IV to encrypt/decrypt all over the place.

It has the potential of clashing when you bring multiple codebases together, however (i.e. a framework).

> Possible to limit to a single namespace?
>
> - Davey
>
> On May 17, 2010, at 9:53 PM, Sara Golemon wrote:
>
>> I was just looking through the implementation of openssl_encrypt() (and openssl_decrypt()) today because I need to make some encrypted payloads, but the prototype didn't have anywhere to place an initialization vector.
>>
>> On opening ext/openssl/openssl.c, I noticed line 4620, which simply hardcodes the IV as a string of NULL bytes.
>>
>> This is a bad idea, roughly equivalent to hashing passwords without salt; worse, it prevents interoperability at the application layer by preventing the decryption of a data stream where the generator used an IV other than all-null.
>>
>> Fixing this is a simple matter, but I wanted to bounce approaches for BC (or lack thereof) off everyone else since this version of openssl_encrypt() is already "in the wild".
>>
>> The most direct and obvious solution is to add a fifth, optional parameter to openssl_encrypt() and openssl_decrypt() to take the IV as a string. The problems with this are that it: (A) places the IV in an odd argument location, and (B) does not enforce the passing of an IV (since raw is already optional). As stated above, the IV really *should* be enforced, given what it does to soften the security normally offered by a chaining block method.
>>
>> That said, I'd like to propose something unpopular: change the signature for these methods entirely, deliberately breaking BC. I know, I know.... spare me your rotten tomatoes. I think it's justified in this case because, as they are now, these functions are useless at best, and possibly dangerous in terms of encouraging unsafe practices with regard to cryptography.
>>
>> I think it's worth a BC break. Comments?
>>
>> -Sara
>>
>> P.S. - Here's the signature I'd go with: openssl_encrypt($data, $method, $iv, $key, $raw=false)
>>
>> --
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
>

--
Tjerk
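As an added illustration (not code from this thread or from ext/openssl), the concrete difference the fifth parameter makes: with the all-null IV Sara describes, two CBC-encrypted records that share a leading block produce an identical first ciphertext block, so that relationship is visible without the key, whereas a per-message random IV carried in front of the ciphertext removes the leak and is what lets another implementation decrypt the payload. It assumes the current openssl_encrypt signature (int $options fourth, $iv fifth, i.e. PHP 5.4 or later), aes-128-cbc, and a constructed demo key.

```php
<?php
// Added example, not from the thread. Uses the post-2010 signature:
// openssl_encrypt($data, $cipher, $key, $options, $iv).
const CIPHER = 'aes-128-cbc';

// Constructed 16-byte demo key; a real key comes from a KDF or key store.
$key = str_repeat("\x11", 16);

// What the original implementation did internally: a fixed IV of NUL bytes.
function encrypt_null_iv(string $data, string $key): string
{
    $iv = str_repeat("\0", openssl_cipher_iv_length(CIPHER));
    return openssl_encrypt($data, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
}

// Per-message random IV, stored in front of the ciphertext so any
// decryptor (PHP or otherwise) can recover it; the IV need not be secret.
function encrypt_random_iv(string $data, string $key): string
{
    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($data, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return $iv . $ct;
}

function decrypt_random_iv(string $blob, string $key): string
{
    $ivlen = openssl_cipher_iv_length(CIPHER);
    $iv = substr($blob, 0, $ivlen);
    $pt = openssl_decrypt(substr($blob, $ivlen), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed: ' . openssl_error_string());
    }
    return $pt;
}

// Constructed records whose first 16 bytes ("account=12345678") are equal.
$a = "account=1234567890;balance=100";
$b = "account=1234567890;balance=999";

// Null IV: the first ciphertext blocks compare equal, revealing that both
// records start identically to anyone who can see the ciphertext.
$ca = encrypt_null_iv($a, $key);
$cb = encrypt_null_iv($b, $key);
var_dump(substr($ca, 0, 16) === substr($cb, 0, 16));

// Random IV: even the same record encrypted twice yields different blocks,
// and decryption still round-trips because the IV travels with the data.
$r1 = encrypt_random_iv($a, $key);
$r2 = encrypt_random_iv($a, $key);
var_dump(substr($r1, 16, 16) === substr($r2, 16, 16));
var_dump(decrypt_random_iv($r1, $key) === $a);
```

CBC with a random IV still provides no integrity protection; a production design would additionally authenticate the IV and ciphertext (an HMAC or an AEAD mode), which this thread does not cover.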