Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94429
Return-Path: <me@kelunik.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 23791 invoked from network); 8 Jul 2016 04:56:57 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 8 Jul 2016 04:56:57 -0000
Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.160 cause and error)
X-PHP-List-Original-Sender: me@kelunik.com
X-Host-Fingerprint: 81.169.146.160 mo4-p00-ob.smtp.rzone.de  
Received: from [81.169.146.160] ([81.169.146.160:15555] helo=mo4-p00-ob.smtp.rzone.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 9C/C0-18622-4923F775 for <internals@lists.php.net>; Fri, 08 Jul 2016 00:56:53 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1467953809; l=5467;
	s=domk; d=kelunik.com;
	h=Content-Type:Cc:To:Subject:Date:From:In-Reply-To:References:
	MIME-Version;
	bh=7TgR4cR74voka6MjK9DIbvZYOOogG5ZF2JKK6+lwq0c=;
	b=b6RpSGw0kBVZe3ykyf4KhWzsiktWfNTSXOhmnUt2z9ajOrqlM6nJR2nqjjUMn+Hu2aW
	XXcj6HnwcrFbKLpBHxBhzEt2Al2wntlWio3ab+CK9RnU3M3LMX6GFaiEVKRD3tWnoMtMA
	6hCcZUSijQoCljuezKjdnvEG1rbeXBd+7gk=
X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLGvomb4bl9EfHtO3E6
X-RZG-CLASS-ID: mo00
Received: from mail-wm0-f42.google.com ([74.125.82.42])
	by smtp.strato.de (RZmta 38.10 AUTH)
	with ESMTPSA id e00435s684ulZvO
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA))
	(Client did not present a certificate)
	for <internals@lists.php.net>;
	Fri, 8 Jul 2016 06:56:47 +0200 (CEST)
Received: by mail-wm0-f42.google.com with SMTP id f126so4979875wma.1
        for <internals@lists.php.net>; Thu, 07 Jul 2016 21:56:47 -0700 (PDT)
X-Gm-Message-State: ALyK8tLCcewm/ev3uXinug5nbN5AQuzqcDuAgMdQTV6IYcmEvYOnCajB7PLyc1OEpcWwSQ2ObptxQeVx8H2yPg==
X-Received: by 10.194.157.10 with SMTP id wi10mr3130486wjb.159.1467953807399;
 Thu, 07 Jul 2016 21:56:47 -0700 (PDT)
MIME-Version: 1.0
References: <CAGa2bXaSkozJLLtycujwmHyas9TofRw5s6JzG0EQQvPyU0pxNQ@mail.gmail.com>
 <CAGa2bXZ=DiqQ4PozYntvGApZHdkjWyTBQhk_Udy5Y3_m0ry9Lw@mail.gmail.com>
 <a32232d3-006b-a7c2-0aa8-7f44509dfe69@gmail.com> <CAGa2bXa3o4FzQDGyU+=XHWoH59QjTJdJcjwch4=VdUUC7ZsD=w@mail.gmail.com>
 <CAEZPtU5RRGbUXJE7cHd2LuUmF5hiGDJAhGNKZ+_nRj1d+pHkZA@mail.gmail.com>
 <CAPwsocHU4Dc5YLMq_vfJsvXQseH7es4baMh-_pNJFf7aB3bKyg@mail.gmail.com> <CA+kxMuTEtx5Euii1XzF_rUztNAOSLO2VCWCBwbYbmv=JPMDsJQ@mail.gmail.com>
In-Reply-To: <CA+kxMuTEtx5Euii1XzF_rUztNAOSLO2VCWCBwbYbmv=JPMDsJQ@mail.gmail.com>
Date: Fri, 08 Jul 2016 04:56:34 +0000
X-Gmail-Original-Message-ID: <CANUQDCi6J8xme_No39qHzMhLRoZoK9sn8pJVAaq98mgkXXSZWw@mail.gmail.com>
Message-ID: <CANUQDCi6J8xme_No39qHzMhLRoZoK9sn8pJVAaq98mgkXXSZWw@mail.gmail.com>
To: Dan Ackroyd <danack@basereality.com>, Leigh <leight@gmail.com>
Cc: Dan Ackroyd <danack@php.net>, PHP internals <internals@lists.php.net>, 
	Pierre Joye <pierre.php@gmail.com>, Stanislav Malyshev <smalyshev@gmail.com>, 
	Yasuo Ohgaki <yohgaki@ohgaki.net>
Content-Type: multipart/alternative; boundary=089e0122ebe23ca476053718a195
Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Session ID without hashing
From: me@kelunik.com (Niklas Keller)

--089e0122ebe23ca476053718a195
Content-Type: text/plain; charset=UTF-8

>
> > I think we need to drop the concerns about exposing "RNG state".
> >
> > If these are weak RNGs on your system, YOUR SYSTEM is broken.
>
> Telling people that their system is broken isn't going to be
> comforting to the people it happens to.
>

Sure, but it's the right way. Just like random_bytes having no fallback.

There are always bugs in software and hardware. At some point it is
> almost inevitable that there will be some information leak through
> exposing the random numbers directly. Just telling people that their
> system is broken and they need to buy need hardware immediately,
> rather than just being able to re-enable hashing seems a bad choice.
>

Nobody talks about buying new hardware. It usually happens due to bad
system setup, such as blocking access to /dev/random.

But even without accidental bugs, the scenario I am remain concerned
> with is when a piece of hardware or software is compromised by a
> sophisticated attacker, (hello NSA!) and the 'random' numbers
> generated have some subtle pattern to them. To almost everyone, the
> random numbers generated would still look random. But to the
> organisation that compromised the system, and so knows the algorithm
> that is leaving traces in the random sequences, exposing the random
> numbers directly to the outside world would be an obvious but almost
> untraceable line of attack on the system.
>
> Hashing should still obfuscate any subtle patterns in the random
> number generation, and so give some protection against comprised
> chip-set/firmware. If users choose to continue to want the extra
> security of hashing, at the cost of slightly slower session ID
> generation we shouldn't removed that from them.
>
> Yasuo wrote:
> > Some of us worried about CSPRNG state exposure. I'm wondering how many
> > of you will vote in favor if I change the RFC to use hash functions
> > optionally.
>
> Yes.
>
> Though as I said before, I think changing session.use_strict_mode
> should be a separate decision, and it's one I support doing.
>
> cheers
> Dan
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--089e0122ebe23ca476053718a195--