Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:92231
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25281 invoked from network); 12 Apr 2016 16:13:06 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 12 Apr 2016 16:13:06 -0000
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.171 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.192.171 mail-pf0-f171.google.com  
Received: from [209.85.192.171] ([209.85.192.171:34644] helo=mail-pf0-f171.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 6D/B1-13103-19E1D075 for <internals@lists.php.net>; Tue, 12 Apr 2016 12:13:06 -0400
Received: by mail-pf0-f171.google.com with SMTP id c20so16359622pfc.1
        for <internals@lists.php.net>; Tue, 12 Apr 2016 09:13:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=subject:to:references:cc:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-transfer-encoding;
        bh=FbaDi7UY5/D50TuUQlmN91Eaa2STl7Lfm9/QUqRf0Wg=;
        b=tr4qlqpuxurzc9tPdqLhtK8Q6m36NrsYvd18jIsopRllhduU00R7nIK0DhEWRzJa30
         0X5HBrbXFtaNQAC0351HQENqs+KIe/mIYNCdwGrlgm81rjf1IoRWNNMPDw7U1vwRrDQJ
         83lXS23PHRDr9DDMf3hpgX1rpLj40YMtA+QfXNXHiuDPfpP9CqdsNnVPzKQdU1m+P7xm
         sfGcqYEUloP3hKPuIoNG8Omn2P/Qj5EmReXvKfq32Mj9Sb7InJkT1IWpLnAOU+0Exo0a
         yNBEHWewgMuoF080I8gfEezSq6vNJpWx3GUYotT9OUkQIE4CFD2zW8qIK21F2EYnhTtV
         /ooQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:subject:to:references:cc:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding;
        bh=FbaDi7UY5/D50TuUQlmN91Eaa2STl7Lfm9/QUqRf0Wg=;
        b=YjkkzTw3VENV9xbGVPSpmIB7gysjTswn7DE9BVwxLhOyoLAW1zOxNCfigk51jnR90s
         U6AuAesT2pj8TDd2DV37PwJzjDKZ88Sz2iHSKsotgI4sC6OAuNtwzgn91xMHo4dgOu9P
         D+TT3NN8nTJe+2gb2rh4QcaylcvyKsArIO3soCqdOJkG36zZxjKiHeJN4ffqiLsyx2yv
         3oexDgxoDJk78JHZhyqORq+fs6sEHzvKjps8XmQMpFgFp/Maa0J1WOipkxd0PPv4k8rJ
         KLklDCd7+6SszFLm0fIGA27HF5tzy1jq+bhplwL00U8P+1IY2LGrpQLjUwtOjLzEvpqa
         KpLA==
X-Gm-Message-State: AOPr4FVJ9zaKlv2R5jS0QXPcyE69ku/eQo5CjoK5UeBRLB+3iOt5h/7juA+PJZElnT2wFw==
X-Received: by 10.98.12.154 with SMTP id 26mr5779181pfm.20.1460477582348;
        Tue, 12 Apr 2016 09:13:02 -0700 (PDT)
Received: from Stas-Air.local (76-220-46-95.lightspeed.sntcca.sbcglobal.net. [76.220.46.95])
        by smtp.gmail.com with ESMTPSA id kl14sm44824327pab.23.2016.04.12.09.12.59
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 12 Apr 2016 09:13:00 -0700 (PDT)
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
References: <CAGa2bXY3Zdrq-vU6_gCJVC3smP7DooBsKFNmQpz=ksdKsQORbQ@mail.gmail.com>
 <5706EEF3.3050705@gmail.com>
 <CAGa2bXbQkw2ouDJf5FHk3dbA4Xea4DmCwPdHUt_WRQ7H=EMAeQ@mail.gmail.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Message-ID: <570D1E89.4050702@gmail.com>
Date: Tue, 12 Apr 2016 09:12:57 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0)
 Gecko/20100101 Thunderbird/38.7.1
MIME-Version: 1.0
In-Reply-To: <CAGa2bXbQkw2ouDJf5FHk3dbA4Xea4DmCwPdHUt_WRQ7H=EMAeQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Session ID without hashing
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

> PRNG like /dev/urandom is supposed to be secure, but fair point. It
> may be good idea keeping old hash based session ID just in case
> someone find vulnerability. I suppose it's unlikely with modern PRNGs,
> though.

That assumes we use /dev/urandom directly and it is always available on
all systems and always accessible to PHP. I don't think it is the case
now, is it?

> If we have to care about PRNG state exposure, code may be changed to
> read random length from RPNG. This would be good enough mitigation. I
> would like to hear from PRNG experts if this is good enough. (or not
> needed)

We have pretty good way of removing this problem. It's called hashing.
Now we are inventing our own crypto tricks to not use existing and
proven method of doing it. This looks like bad idea to me. We do not
have expertise to even evaluate if it's safe.

> w/ Patch: Requests per second: 2278.59 [#/sec] (mean)
> w/o Patch: Requests per second: 899.36 [#/sec] (mean)
> (This is CLI server and "ab -c 20 -n 100000" result on Core i7 4770s Linux)

My point is it does not matter. Nobody cares if session ID generation
takes 1 ms instead of 2 ms.

> request. (This should be done with caution. Otherwise, you may
> experience lost sessions a lot due to race conditions) Such apps will
> see performance gain.

No they won't. Even if they change session ID on every request (which
sounds extremely weird, I have never seen anybody doing it and would
never recommend doing it) the different would still be unnoticeable if
the application does anything beyond generating session IDs. Unless you
can show speedup on real apps, I don't think this point is worth ever
mentioning again.

> We cannot control PRNG behavior. It's enabled for broken PRNG
> insurance. use_strict_mode=1 (detecting session ID collisions) is
> mandatory, anyway.

If we are assuming broken PRNG, it surely is unsafe to export its state
to the whole world. Either we assume PRNG is safe and sound, or not. And
I really don't like the idea of grouping unrelated changes together.

> has comment for keeping hash/PRNG related INIs? I would like to remove
> hash/PRNG related INIs if not many of us insist.

I think removing existing INI entries is completely unnecessary and just
creates BC problems without any benefit.

-- 
Stas Malyshev
smalyshev@gmail.com