Edit report at http://bugs.php.net/bug.php?id=51436&edit=1
ID:               51436
Updated by:       paj...@php.net
Reported by:      andreas at andreas dot org
Summary:          LCG entropy fix insufficient, uniqid leaks entropy, leads to weak session IDs
Status:           Open
Type:             Bug
Package:          *Encryption and hash functions
Operating System: all
PHP Version:      5.3.2

New Comment:

On a related note, we should document session.entropy-file in a better way. Maybe this page should be a good place to inform the users about this setting and why it should always be used:

http://www.php.net/manual/en/session.installation.php

Thanks Rasmus for the notice.

Previous Comments:
------------------------------------------------------------------------
[2010-03-30 12:38:31] andreas at andreas dot org

Description:
------------
PHP utilizes a cryptographically weak random number generator to produce session ID information. Additionally, not enough entropy is used for the initial seeding of the RNG, and some of the entropy can leak by careless use of the uniqid() PHP function. Under certain circumstances, these individual weaknesses interact and reduce the number of possible values of a PHP session ID so much that exhaustive search for a valid session ID against the web server becomes feasible.

I suggest to make sure that a cryptographically secure RNG is used for session ID generation, sufficient entropy is used to seed the RNG, and to change the uniqid() function to always return a hashed value.

A complete discussion of why I think the code is vulnerable, including estimates on the attack effort, is available from http://berlin.ccc.de/~andreas/php-entropy-advisory.txt

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/bug.php?id=51436&edit=1
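
One way to check the setting discussed in the new comment, as an added example that is not part of the bug report or of PHP itself. It assumes PHP 5.x, where the php.ini directives are spelled `session.entropy_file` and `session.entropy_length`; `audit_session_entropy()` and the 16-byte threshold are hypothetical choices made for this example.

```php
<?php
// Added example: audit the session entropy directives (PHP 5.x names).
// audit_session_entropy() is a hypothetical helper, not a PHP built-in.
function audit_session_entropy(array $ini)
{
    $findings = array();
    $file = isset($ini['session.entropy_file']) ? trim($ini['session.entropy_file']) : '';
    $len  = isset($ini['session.entropy_length']) ? (int) $ini['session.entropy_length'] : 0;

    if ($file === '') {
        // No external source: nothing from the OS is mixed into session IDs.
        $findings[] = 'session.entropy_file is empty: no external entropy source is used';
    } elseif (!is_readable($file)) {
        $findings[] = "session.entropy_file ($file) is not readable by this process";
    }

    if ($len <= 0) {
        // A length of 0 disables the read even when a file is configured.
        $findings[] = 'session.entropy_length is 0: nothing is read from the entropy file';
    } elseif ($len < 16) {
        // 16 bytes is a threshold assumed for this example, not a PHP rule.
        $findings[] = "session.entropy_length is $len: fewer than 16 bytes are read";
    }

    return $findings;
}

// Constructed sample configurations, plus the values of the running interpreter.
$configs = array(
    'unset (constructed)'    => array('session.entropy_file' => '', 'session.entropy_length' => '0'),
    'hardened (constructed)' => array('session.entropy_file' => '/dev/urandom', 'session.entropy_length' => '32'),
    'running config'         => array(
        'session.entropy_file'   => ini_get('session.entropy_file'),
        'session.entropy_length' => ini_get('session.entropy_length'),
    ),
);

foreach ($configs as $name => $ini) {
    $findings = audit_session_entropy($ini);
    echo $name, ': ', $findings ? 'WEAK' : 'ok', "\n";
    foreach ($findings as $finding) {
        echo '  - ', $finding, "\n";
    }
}
```

Both directives must be set for the entropy file to have any effect, which is why the helper reports them separately.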