Newsgroups: php.internals
Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Session ID without hashing
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
Date: Wed, 13 Apr 2016 06:59:02 +0900
To: Andrey Andreev
Cc: Philip Hofstetter, Michael Wallner, Stanislav Malyshev, internals@lists.php.net
References: <5706EEF3.3050705@gmail.com> <570CB007.2080503@php.net>

Hi Andrey,

On Tue, Apr 12, 2016 at 8:12 PM, Andrey Andreev wrote:
>
> On Tue, Apr 12, 2016 at 2:04 PM, Yasuo Ohgaki wrote:
>>
>> Hi Philip,
>>
>> On Tue, Apr 12, 2016 at 5:38 PM, Philip Hofstetter wrote:
>> > On Tue, Apr 12, 2016 at 10:21 AM, Michael Wallner wrote:
>> >> On 08/04/16 04:17, Yasuo Ohgaki wrote:
>> >>
>> >>> A PRNG like /dev/urandom is supposed to be secure, but fair point. It
>> >>> may be a good idea to keep the old hash-based session ID just in case
>> >>> someone finds a vulnerability. I suppose it's unlikely with modern PRNGs,
>> >>> though.
>> >>
>> >> I've come to think that "unlikely" is still a bad precondition with
>> >> regards to security... :)
>> >
>> > however, if a vulnerability is found in /dev/urandom, that would be a
>> > stop-what-you're-doing-and-patch moment anyways because so much stuff
>> > depends on /dev/(u)random not producing predictable output.
>> >
>> > If /dev/urandom is not to be trusted, you have to bring your server
>> > offline right then. The fact that PHP would continue to produce more
>> > secure session IDs won't help you much.
>>
>> If there is such a severe vulnerability, not only session but also many
>> crypt-related features cannot be trusted.
>>
>> Anyway, I'll add a mitigation that reads a random length of bytes from the PRNG.
>> This should be good enough to hide the PRNG state. Expert comments on
>> this are appreciated.
>>
>
> How are you going to read a *random* length of bytes from the randomness
> source itself? That's a chicken and egg problem. :)

If you say so, the current implementation is also vulnerable :)

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
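The three constructions argued over in this thread (hex-encoded CSPRNG bytes, the older hash-based ID, and the proposed random-length read) side by side, as an added example that is not part of the thread and not PHP's own session code. The function names, the byte counts and the `KnownStateSource` model of a PRNG whose state has been learned are assumptions chosen for illustration; `secrets.token_bytes` stands in for a healthy /dev/urandom.

```python
import hashlib
import secrets
from typing import Callable

# A random source is anything that returns n bytes on request
# (secrets.token_bytes models a healthy CSPRNG such as /dev/urandom).
RandomSource = Callable[[int], bytes]


def make_sid_direct(rng: RandomSource, nbytes: int = 32) -> str:
    """Session ID without hashing: hex-encode CSPRNG output as-is."""
    return rng(nbytes).hex()


def make_sid_hashed(rng: RandomSource, nbytes: int = 32, extra: bytes = b"") -> str:
    """Hash-based session ID: digest over PRNG bytes plus non-secret extras.

    SHA-256 is a fixed public function, so it cannot add entropy that the
    input lacks. `extra` stands for inputs such as time or process data and
    is modelled as a constant because such inputs are not secret (assumption).
    """
    return hashlib.sha256(rng(nbytes) + extra).hexdigest()


def make_sid_random_length(rng: RandomSource, min_bytes: int = 32,
                           max_bytes: int = 64) -> str:
    """Proposed mitigation: read a random number of bytes before encoding.

    The length is drawn from the same source as the ID bytes, so whoever
    can predict the source's output can predict the length as well.
    """
    span = max_bytes - min_bytes + 1
    length = min_bytes + rng(1)[0] % span
    return rng(length).hex()


class KnownStateSource:
    """Constructed stand-in for a source whose internal state is known.

    A counter-mode byte stream, deterministic for a given seed. It models
    "the PRNG state has been learned" and says nothing about /dev/urandom.
    """

    def __init__(self, seed: int) -> None:
        self._counter = seed

    def __call__(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += hashlib.sha256(self._counter.to_bytes(8, "big")).digest()
            self._counter += 1
        return bytes(out[:n])


def reproducible(make_sid: Callable[..., str], seed: int = 1234) -> bool:
    """True when two parties sharing the same source state derive the same ID."""
    return make_sid(KnownStateSource(seed)) == make_sid(KnownStateSource(seed))


def fresh_ids_distinct(make_sid: Callable[..., str]) -> bool:
    """True when a healthy CSPRNG yields different IDs on consecutive calls."""
    return make_sid(secrets.token_bytes) != make_sid(secrets.token_bytes)


if __name__ == "__main__":
    variants = [("direct", make_sid_direct), ("hashed", make_sid_hashed),
                ("random-length", make_sid_random_length)]
    for name, fn in variants:
        print(f"{name:14s} sample={fn(secrets.token_bytes)[:16]}... "
              f"distinct={fresh_ids_distinct(fn)} "
              f"reproducible_with_known_state={reproducible(fn)}")
```

Every variant is a deterministic function of the bytes the source hands out, so once the source's state is known all three become reproducible; neither the hash nor the variable-length read restores unpredictability, which is the chicken-and-egg point raised above. With a working CSPRNG, the direct form already carries the full entropy of the bytes it encodes, and the hash only changes the encoding.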