On Fri, Jul 26, 2024, at 13:58, Tim Düsterhus wrote:
> Hi
> 
> On 7/26/24 08:35, Peter Stalman wrote:
> > How prevalent is this exactly? PHP 4 ended support in 2008.  I think
> > putting warning labels on these things in the docs is enough, but we can't
> > go around locking up every kitchen knife just because there are some idiots
> > out there who read a book from the 50s about the war.
> 
> I just Googled "PHP tutorial" and found https://www.phptutorial.net/ as 
> the second search result, which considers itself to be "the modern PHP 
> tutorial".
> 
> I've clicked at the CSRF section 
> (https://www.phptutorial.net/php-tutorial/php-csrf/) and what do I find:
> 
> > $_SESSION['token'] = md5(uniqid(mt_rand(), true));
> 
> *Exactly* the md5-uniqid construction that is called out as unsafe in 
> the RFC and used in a security context.

In regards to hashing, this is likely fine; for now. There still isn't an 
arbitrary pre-image attack on md5 (that I'm aware of). Can you create a random 
file with a matching hash? Yes, in a few seconds, on modern hardware. But you 
cannot yet make it have arbitrary contents in our lifetime. The NSA probably 
has something like this though, but if so, this isn't widely known.

That being said, this is just randomly creating a random id without leaking 
its internal construction, no different than putting an md5 in a UUID-v8. The 
real issue here is the use of uniqid() and rand(), making it quite likely (at 
scale, at least) that a session id will overlap with another session id.

— Rob
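As an added example that is not part of this thread or of the tutorial it cites, here is the md5-uniqid construction quoted above beside a hardened PHP version that draws the token from the OS CSPRNG and compares it in constant time. The function names and the in-memory session array are assumptions for illustration; in a request handler you would use session_start() and $_SESSION.

```php
<?php
// Added example (not from the thread): weak CSRF-token construction beside
// a hardened one. Function names are illustrative, not from any project.

declare(strict_types=1);

// Weak: uniqid() is essentially a microsecond timestamp and mt_rand() is not
// a CSPRNG, so md5() only hides the structure; it adds no entropy, and at
// scale two requests can collide on the same token.
function weak_csrf_token(): string
{
    return md5(uniqid((string) mt_rand(), true));
}

// Hardened: 32 bytes from the operating system's CSPRNG, hex-encoded so the
// token can be embedded safely in a hidden form field.
function strong_csrf_token(): string
{
    return bin2hex(random_bytes(32));
}

// Issue one token per session (a per-form token works the same way; store
// several under distinct keys).
function issue_csrf_token(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        $session['csrf_token'] = strong_csrf_token();
    }
    return $session['csrf_token'];
}

// Validate with hash_equals(): a constant-time comparison that also avoids
// the loose-comparison pitfalls of == on numeric-looking strings.
function validate_csrf_token(array $session, ?string $submitted): bool
{
    if (!isset($session['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($session['csrf_token'], $submitted);
}

// Demonstration on a constructed in-memory "session" array.
$session = [];
$token = issue_csrf_token($session);

// The token the server issued is accepted.
var_dump(validate_csrf_token($session, $token));
// A token the attacker guessed or a missing field is rejected.
var_dump(validate_csrf_token($session, 'not-the-token'));
var_dump(validate_csrf_token($session, null));
```

The change that matters for the point raised in the thread is the source of randomness, not the hash: random_bytes() replaces uniqid()/mt_rand(), so the token is unpredictable regardless of whether md5 is ever broken further.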