Edit report at http://bugs.php.net/bug.php?id=51436&edit=1
ID: 51436
Comment by: andreas at andreas dot org
Reported by: andreas at andreas dot org
Summary: LCG entropy fix insufficient, uniqid leaks entropy,
leads to weak session IDs
Status: Open
Type: Bug
Package: *Encryption and hash functions
Operating System: all
PHP Version: 5.3.2
New Comment:
I strongly suggest backporting. Also, the fact that uniqid() values are
predictable too needs addressing.
Previous Comments:
------------------------------------------------------------------------
[2010-03-31 20:30:53] [email protected]
I have switched the default in trunk to either /dev/urandom or
/dev/arandom if it
exists. We actually already had a check for it in Zend for the
zend_mm_random()
function, Whether we backport this to 5.3 or just improve the
documentation for
that setting is up to Johannes, I think.
------------------------------------------------------------------------
[2010-03-31 20:03:18] [email protected]
Automatic comment from SVN on behalf of rasmus
Revision: http://svn.php.net/viewvc/?view=revision&revision=297232
Log: Set session.entropy_file to /dev/urandom or /dev/arandom by
default if present at compile-time. Addresses part of bug #51436
------------------------------------------------------------------------
[2010-03-31 05:04:14] [email protected]
As for these session.entropy directives, due to compatibility issues I'm
unsure
how best to include these recommended values in php.ini-* so the
following
patch[1] adds information where appropriate, although it does not change
the
default values. One trouble: it breaks convention, as other directives
are in
fact changed (and not only recommended). This patch only solves this bug
through
documentation, which may or may not be our ultimate solution.
We still need to discuss whether changing the default php.ini-* values
is
appropriate, and the potential impact (e.g. Windows) it would have. And
of
course explore alternative options that essentially don't "require"
/dev/urandom. Like, Rasmus/Scott mentioned something about using
OpenSSL's
existing abstraction layer to do it.
And lastly, while documenting we should describe:
- Briefly mention the difference between /dev/urandom and /dev/random
- Talk about performance issues
- Alternatives to /dev/random (e.g. EGD, hardware, ...)
- Mention which Operating Systems lack /dev/random (Windows, and Solaris
8 and
below come to mind)
[1] Patch name: session_entropy_docs_php_ini_default_off_still
------------------------------------------------------------------------
[2010-03-31 04:43:27] [email protected]
The following patch has been added/updated:
Patch Name: session_entropy_docs_php_ini_default_off_still
Revision: 1270003407
URL:
http://bugs.php.net/patch-display.php?bug=51436&patch=session_entropy_docs_php_ini_default_off_still&revision=1270003407
------------------------------------------------------------------------
[2010-03-31 01:08:13] [email protected]
Regarding session.entropy_file and session.entropy_length, please
clarify this
topic a bit and ideally include an example for Windows users. I see
words like
ksecdd.sys and CryptoAPI but am unsure how these might apply to
session.entropy_file.
And, what are the downsides of using these options... performance?
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=51436
--
Edit this bug report at http://bugs.php.net/bug.php?id=51436&edit=1
