Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87176 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 6083 invoked from network); 15 Jul 2015 10:19:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Jul 2015 10:19:18 -0000 Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain paragonie.com from 209.85.220.169 cause and error) X-PHP-List-Original-Sender: scott@paragonie.com X-Host-Fingerprint: 209.85.220.169 mail-qk0-f169.google.com Received: from [209.85.220.169] ([209.85.220.169:35183] helo=mail-qk0-f169.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 0C/11-27477-3A336A55 for ; Wed, 15 Jul 2015 06:19:16 -0400 Received: by qkbp125 with SMTP id p125so24529836qkb.2 for ; Wed, 15 Jul 2015 03:19:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=8J23rnnj8lobPH3Fy+RuO/AMZoJzpXJs6o0NRDpx6Q8=; b=dW6nMwuWQQ0aD1AscZRBpKBeRcBlyraQQ7KEFi3E0qxCZTHStcEt0OKvpLRlqJnFkU wKLmRrAMrhXevexntbT22wMwtShUeFD16ovBW3E0b6B3Lr/q5Y8RUR2DRVbZHUxrb/Vp G4eqScH+QPeP+AN4qJdpdtt1QfCgIZ8GVBukrc7gECF3kBWC/pKItmYcEbJw6Wu3dIAZ M2VnAlY7rXFFOSnSKGVD7LwXbMUjks34HWiPw4yLvX+5arBewzwT5e8bOBk/sJHV9ZNz /NaN9m6X6t0+hjeBxWtv6vMEHHHdhthVjE+O9dJiYpHd4C14h8BjAF1ql+WCKEf1jY9q asjA== X-Gm-Message-State: ALoCoQmNML44GIcBqHiZQHchNf7e9tY1hqVqmWbeFbefJ4TBKHcbRO40F9s5QNgCQFqovXIXuqiP MIME-Version: 1.0 X-Received: by 10.55.41.84 with SMTP id p81mr6920810qkh.95.1436955553262; Wed, 15 Jul 2015 03:19:13 -0700 (PDT) Received: by 10.96.83.102 with HTTP; Wed, 15 Jul 2015 03:19:13 -0700 (PDT) X-Originating-IP: [71.47.14.165] In-Reply-To: References: Date: Wed, 15 Jul 2015 06:19:13 -0400 Message-ID: To: Yasuo Ohgaki Cc: Sammy Kaye Powers , PHP Internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Core functions throwing exceptions in PHP7 From: scott@paragonie.com (Scott Arciszewski) On Wed, Jul 15, 2015 at 4:27 AM, Yasuo Ohgaki wrote: > Hi Sammy, > > On Wed, Jul 15, 2015 at 6:04 AM, Sammy Kaye Powers wrote: > >> There are two open PR's for PHP7 to modify the behavior of the CSPRNG's: >> >> https://github.com/php/php-src/pull/1397 (main discussion) >> https://github.com/php/php-src/pull/1398 >> >> Currently the random_*() functions will issue a warning and return false if >> a good source of random cannot be found. This is a potential security hole >> in the event the RNG fails and returns false which gets evaluated as 0 in a >> cryptographic context. >> >> To prevent this exploit the proposed behavior will throw an Exception when >> the RNG fails or certain argument validation fails. This also gives the >> developer a graceful way to fall back to an alternate CSPRNG. >> >> Since the core functions in PHP don't throw Exceptions, there is debate on >> whether or not this change should be implemented. Some say the CSPRNG's >> should get a special pass since they will be relied on for cryptography. If >> we can't throw Exceptions, there were suggestions of raising a fatal error >> if the RNG fails. >> >> I think the argument can be boiled down to consistency vs security. We'd >> love to hear your feedback to decide what we should do in this context. :) >> > > I prefer exception rather than error. > > However, I would not like to see exception in "some" functions. > It's whether we use exception for builtin functions or not. > > I understand the risk, but users should handle all errors properly > to be secure anyway. > > Regards, > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net -1 I emphatically disagree. > I understand the risk, but users should handle all errors properly > to be secure anyway. Recommended reading: http://cr.yp.to/talks/2015.01.07/slides-djb-20150107-a4.pdf ------------------- Instead of placing all the burden on the user to add code to their application to check for errors, lest their application fail open and operate with zero entropy, which is what you've proposed, I say we throw an exception if the random number generator fails. This means that, in the default case, their application will fail closed (i.e. not continue processing with zero entropy), but the developer can still intuitively handle the exception if they want to add code to fail gracefully. Try-catch blocks are far less messy than overriding the error handler. Failing open is a terrible idea. You're going to have people who write code like this: $max = strlen($alphabet) - 1; for ($i = 0; $i < 32; ++$i) { $password .= $alphabet[random_int(0, $max)]; } How do I know this? Because people already write code like that with mt_rand(). If a random number generator failure occurs, instead of generating a predictable password, we ought to abort. If the developer wants to handle this situation, they ought to do this. try { $max = strlen($alphabet) - 1; for ($i = 0; $i < 32; ++$i) { $password .= $alphabet[random_int(0, $max)]; } } catch (Exception $e) { $this->template('error', 'Could not safely generate a passphrase! :('); } In the case of a negligent developer, the uncaught exception is indistinguishable from raising a fatal error. Either way prevents the script from proceeding with zero entropy. TL;DR we have three options: 1. E_WARNING - fail open, possibly cause security problems for the user 2. E_ERROR - fail closed, but make graceful handling a pain in the neck 3. Exception - fail closed by default, developer can write their own graceful failure code if they so choose, would currently be an exception to the rule 1 is bad, 2 is less bad, I think 3 is ideal. Security > continuity. Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises