Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:92153
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 77806 invoked from network); 8 Apr 2016 02:17:55 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 8 Apr 2016 02:17:55 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.65 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.213.65 mail-vk0-f65.google.com  
Received: from [209.85.213.65] ([209.85.213.65:33203] helo=mail-vk0-f65.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 03/C8-48788-2D417075 for <internals@lists.php.net>; Thu, 07 Apr 2016 22:17:54 -0400
Received: by mail-vk0-f65.google.com with SMTP id v68so14530627vka.0
        for <internals@lists.php.net>; Thu, 07 Apr 2016 19:17:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=OPgJVG5a63OSnFk1+XCyGAVGBRJynFeWqJ+6WOkl83o=;
        b=u+wlaIXuIGQpRwiWzuCq/R/3YPZr01vW21ZULBb+YcNJ1pY3mxg++BT9ScuCIxUOo2
         8aMBRP4xYn2IhxLyrP2ia0ndwaySgmIIzL7EDJgU8+UJOv26gBkxLsLIepSXKprlRdIJ
         AHQABFVKXUrUz0KIELQtzPMlcvoZMQKvdEhsenKkNfLmdZDkRjvqN6/mByzcZRPam7U6
         A3GViO9fJJxeTD4H0d9dCDZo7i+1BgkS4xjlGIIalXdU9p9fshZdj9toUOzEmAq10PD4
         RDOe2NsE7+S1PD/4t8Zm6iGW0sTxVApE7cGleiLfGw3WSmLP+4XI7Nx5tcPlinABa7sW
         Vn0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=OPgJVG5a63OSnFk1+XCyGAVGBRJynFeWqJ+6WOkl83o=;
        b=hV14NtoEZBuoxzMA90sjohoyA2T6LrhjI/dxnaO9kedX/DeM4rJtnVjP9qSMLj8y75
         nAaqwk4tv7DtFbExWoBL3Of3f7wALYNedItFIZO1h2GxvyNLIy5Rz37Cm5oag9TiD/Vd
         V+6kIf4JNKqRPLTvDw1fCBA2OyZ0ojRkfkBiR2RkRDW2OJ05zpwkHWbueCsnJzXqoX/R
         QmpOr4URqrOq8nb15VsuekW/kXyFlitnNjuI9oy9uAEE1APJwVuz3nFPms5B7cbY4Bem
         eFRzhOH9tVq34PhY0rEBq90hqrfuk9vYrHe0d3z9j7xzN4EjGYJpI2KruoJZZJW3/xtB
         4tSA==
X-Gm-Message-State: AD7BkJLJ4st34UF5MZ6PSbeLoENiPQWpTwlHB2Qx5Rj90AnZpIhjoDPcJ3nXKErJg23f21M7MF4Q8rmtdAhTTw==
X-Received: by 10.159.35.109 with SMTP id 100mr2519698uae.119.1460081870906;
 Thu, 07 Apr 2016 19:17:50 -0700 (PDT)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.159.40.7 with HTTP; Thu, 7 Apr 2016 19:17:11 -0700 (PDT)
In-Reply-To: <5706EEF3.3050705@gmail.com>
References: <CAGa2bXY3Zdrq-vU6_gCJVC3smP7DooBsKFNmQpz=ksdKsQORbQ@mail.gmail.com>
 <5706EEF3.3050705@gmail.com>
Date: Fri, 8 Apr 2016 11:17:11 +0900
X-Google-Sender-Auth: gwIP8BRav2hi4AE99NdxnXbFX50
Message-ID: <CAGa2bXbQkw2ouDJf5FHk3dbA4Xea4DmCwPdHUt_WRQ7H=EMAeQ@mail.gmail.com>
To: Stanislav Malyshev <smalyshev@gmail.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Session ID without hashing
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Stas,

On Fri, Apr 8, 2016 at 8:36 AM, Stanislav Malyshev <smalyshev@gmail.com> wrote:
>> Session module does not require hashing to generate session ID. This
>> RFC removes hashing from session module and enable use_strict_mode as
>> an insurance for broken RNG.
>>
>> https://wiki.php.net/rfc/session-id-without-hashing
>
> I'm not sure why that should be the default. First of all, I'm not sure
> exporting the state of the PRNG is that good an idea, there may be
> vulnerability in the PRNG that could be opened (or made easier) for
> exploit with direct access to its output. I'd rather not provide this
> opening unnecessarily.

PRNG like /dev/urandom is supposed to be secure, but fair point. It
may be good idea keeping old hash based session ID just in case
someone find vulnerability. I suppose it's unlikely with modern PRNGs,
though.

If we have to care about PRNG state exposure, code may be changed to
read random length from RPNG. This would be good enough mitigation. I
would like to hear from PRNG experts if this is good enough. (or not
needed)

>Second, I do not see why we need to do maximum
> breakage change if we could just make an identity "hash" function and
> support both cases. "Session generation performance" does not have a lot
> of meaning here - I'd be very surprised to see any application that is
> bound by the speed of generating session IDs.

w/ Patch: Requests per second: 2278.59 [#/sec] (mean)
w/o Patch: Requests per second: 899.36 [#/sec] (mean)
(This is CLI server and "ab -c 20 -n 100000" result on Core i7 4770s Linux)

I didn't expect this much difference, but this is the result. Since
security experts advise to change session ID relatively high frequency
(few minutes to half an hour), this difference may be noticeable apps
returning cached JSON. I know apps that change session ID on every
request. (This should be done with caution. Otherwise, you may
experience lost sessions a lot due to race conditions) Such apps will
see performance gain.

> Also, I don't see how use_strict_mode change is related to the hashing.
> Could you explain?

We cannot control PRNG behavior. It's enabled for broken PRNG
insurance. use_strict_mode=1 (detecting session ID collisions) is
mandatory, anyway.

Regards,

P.S. Code may be changed so that user can choose raw PRNG and old
hashing. We have to keep old and new INI settings in this case. Anyone
has comment for keeping hash/PRNG related INIs? I would like to remove
hash/PRNG related INIs if not many of us insist.

--
Yasuo Ohgaki
yohgaki@ohgaki.net