Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:92241 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 62898 invoked from network); 13 Apr 2016 03:50:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 13 Apr 2016 03:50:18 -0000 Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.182 as permitted sender) X-PHP-List-Original-Sender: smalyshev@gmail.com X-Host-Fingerprint: 209.85.192.182 mail-pf0-f182.google.com Received: from [209.85.192.182] ([209.85.192.182:33102] helo=mail-pf0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 92/00-62665-8F1CD075 for ; Tue, 12 Apr 2016 23:50:17 -0400 Received: by mail-pf0-f182.google.com with SMTP id 184so26205615pff.0 for ; Tue, 12 Apr 2016 20:50:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=ZxbLVZvJMGp6hfg6KtLNtQHP0z8v0OdrxBiz301FaUU=; b=KmMTapE4CH1DmpEdJ2gHuY9x1lwp662mNINWjY6WgJdcVzqhwh7ZauUHY54iGlGglQ Ob2l7jE3hb0fNsocii1ZIdBAbfvxdMsG6b5dv3ryP5lpkkv5+oYi+re0RbTU1EIBJl7m 05Ut8PVwZu4OjY3YQ7AIKAxFIngc1OmDzB5yyPHyKT4eDP400keExIxJs9ezRIR0jd42 0leXG2vrWIKfTlV/sQQm8c9H1ahV0hVbZ1GgHSSnC7P1KmjgB1WVgYZohKjAKBmIl7ul EFXlg/+SNqdU8qBZ/ZnvgeCwYBBspHXvZzXFTP48DTRhPCiXkk1zapgN5cDFzoaXAfim hOTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=ZxbLVZvJMGp6hfg6KtLNtQHP0z8v0OdrxBiz301FaUU=; b=a4zbNWjg9zJUaC+pVFyFRiep8bX1WlZL1U6WBYJIl5AQyIGdGXS4B+nJNtMlASr8iq 6VAZr6OS02Pvb5XOBVuz1XwOPoNej6NjWWC6d2cfTg4/cm9a5BCirubcbFiOsuQZohUZ lkcUffgTXhrfOIWNyp2vOx8fWiOxXskZ7v9cEjTOag2ZHBYStik4sBO0KGbb/ZM7OMbG WfzAEduhsrCni/yfNpltZVCY+uiMPWgCLZyNMWi6w8DMRvWvnUst6tvkCN6pphG47VAI 3kib/HzEf1FyHQrzYfsEf9FbCeReFxTiEg9QolgVHfJbUkmMHrT4ZXkzMWT8i9PzKTpx KfMA== X-Gm-Message-State: AOPr4FVPq2CssT4uywRKjCzu6bhC0TUCXcygDx70gKjphabAaHI3i4kkXski6vbYaxjTaA== X-Received: by 10.98.19.151 with SMTP id 23mr9860294pft.31.1460519413471; Tue, 12 Apr 2016 20:50:13 -0700 (PDT) Received: from Stas-Air.local (76-220-46-95.lightspeed.sntcca.sbcglobal.net. [76.220.46.95]) by smtp.gmail.com with ESMTPSA id 88sm46950666pfj.20.2016.04.12.20.50.11 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 12 Apr 2016 20:50:11 -0700 (PDT) To: Yasuo Ohgaki References: <5706EEF3.3050705@gmail.com> <570D1E89.4050702@gmail.com> Cc: "internals@lists.php.net" Message-ID: <570DC1EF.4010100@gmail.com> Date: Tue, 12 Apr 2016 20:50:07 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.7.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] [RFC][DISCUSSION] Session ID without hashing From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > Yes and no. > Patch uses php_random_bytes(), so it uses appropriate PRNG for the system. > php_random_bytes() is supposed to be available always. True, but is it always OK to export its state to anybody who asks, on demand, in unlimited numbers? I'm not so sure. > Experts say secure PRNG like /dev/urandom is safe. What's "like /dev/urandom"? Each PRNG can have different properties. > Why shouldn't? > It's just a use case in the wild. If you want to test use case, test on real application, not on microbenchmark. And by real application I mean one currently used, of which none regenerate session IDs on every request, and none have reasons to. Optimizing for narrow use case which doesn't even exist yet against thousands of apps that already do makes no sense to me. > If time stamp based session management is used, there is no worries > updating session ID on every request. Of course there are worries, it would generate huge traffic to session storage which is completely unnecessary. Moreover, many application would be broken under such model. Of course, you are free to build your own app using such model, but it's in no way a best practice and it does not deserve to be target of global optimization of session module for it. > Discussion is based on FUD. > AFAIK, I saw papers state PRNGs are secure enough, but opposite. > (We can safely ignore side channel attack issue, I suppose) We can't claim both PRNG are secure and PRNG aren't secure. So which is it? In any case, I don't see how this mandates turning on strict sessions. I know you want it to be the default, but it doesn't seem to be related to this topic. > There is no BC. > Removed INI are just ignored if users are used. But users used them for something. If that something doesn't happen, then it's broken. > Question is "Current session ID is generation is optimal way?" or "Is it > better than proposed one?" If so, why? Yes, it's better - it does not export PRNG state needlessly, and it's already proven to work by thousands of applications. I'm OK with adding a non-hashed option, for people that want to try it out, and eventually if everybody ends up using it and nothing bad happens, we could phase out the hashed ones then. But just dropping them out of the blue and making non-hashed the only option does not look like a good solution. > Crypto experts say "secure PRNG is safe", why should we care too much > about secure PRNG vulnerability? Why we should invent our own entropy > added random value and take hash of it? We should not invent our own PRNG. Hashing it though seems like a reasonable precaution. -- Stas Malyshev smalyshev@gmail.com