Hello, > assuming this is true then the built in session handler is pretty > vulnerable right now no? > one only has the choice of md5 or sha1 for the hashing mechanism of > the session handlers id > as far as I can see ... if php gets a sha256 in the core it would > possibly be a good thing > to make that available as an option for session.hash_function?
I did not want to cause some "panic". MD5 and SHA1 are not completely broken yet. I think people usually only call a hash function completely broken when preimage attacks are possible. This means for a given startvector you can create some input to get a desired endvector. During the last year there have been various reports about much faster attacks in normal collision generation, which means the time needed to you just try to find 2 collisions. (you never know how fast it will be possible in 1 year from now) The session handler on the other hand is not really vulnerable to this, even if there are preimage attacks. In the session handler MD5/SHA1 are merely used to convert a random number into some other format. Even if there are preimage attacks on MD5 and SHA1 the "security" of the session handler relies on not guessable random numbers. (However it would not be much work to use sha256 in the session extension as another option once it is in core) Stefan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
