Newsgroups: php.internals
Xref: news.php.net php.internals:92218
References: <5706EEF3.3050705@gmail.com> <570CB007.2080503@php.net>
Date: Tue, 12 Apr 2016 20:04:12 +0900
To: Philip Hofstetter
Cc: Michael Wallner, Stanislav Malyshev, "internals@lists.php.net"
Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Session ID without hashing
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Philip,

On Tue, Apr 12, 2016 at 5:38 PM, Philip Hofstetter wrote:
> On Tue, Apr 12, 2016 at 10:21 AM, Michael Wallner wrote:
>> On 08/04/16 04:17, Yasuo Ohgaki wrote:
>>
>>> PRNG like /dev/urandom is supposed to be secure, but fair point. It
>>> may be a good idea keeping the old hash based session ID just in case
>>> someone finds a vulnerability. I suppose it's unlikely with modern PRNGs,
>>> though.
>>
>> I've come to think that "unlikely" is still a bad precondition with
>> regards to security... :)
>
> However, if a vulnerability is found in /dev/urandom, that would be a
> stop-what-you're-doing-and-patch moment anyways because so much stuff
> depends on /dev/(u)random not producing predictable output.
>
> If /dev/urandom is not to be trusted, you have to bring your server
> offline right then. The fact that PHP would continue to produce more
> secure session IDs won't help you much.

If there is such a severe vulnerability, not only sessions but also many
crypt-related features cannot be trusted.

Anyway, I'll add a mitigation that reads a random length of bytes from the
PRNG. This should be good enough to hide the PRNG state. Expert comments on
this are appreciated.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net