Hi Philip,

On Tue, Apr 12, 2016 at 5:38 PM, Philip Hofstetter <phofstet...@sensational.ch> wrote:
> On Tue, Apr 12, 2016 at 10:21 AM, Michael Wallner <m...@php.net> wrote:
>> On 08/04/16 04:17, Yasuo Ohgaki wrote:
>>
>>> A PRNG like /dev/urandom is supposed to be secure, but fair point. It
>>> may be a good idea to keep the old hash-based session ID just in case
>>> someone finds a vulnerability. I suppose it's unlikely with modern PRNGs,
>>> though.
>>
>> I've come to think that "unlikely" is still a bad precondition with
>> regards to security... :)
>
> However, if a vulnerability is found in /dev/urandom, that would be a
> stop-what-you're-doing-and-patch moment anyway, because so much stuff
> depends on /dev/(u)random not producing predictable output.
>
> If /dev/urandom is not to be trusted, you have to bring your server
> offline right then. The fact that PHP would continue to produce more
> secure session IDs won't help you much.
If there is such a severe vulnerability, not only sessions but also many crypto-related features cannot be trusted.

Anyway, I'll add a mitigation that reads a random number of bytes from the PRNG. This should be good enough to hide the PRNG state. Expert comments on this are appreciated.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
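The two layers discussed in the thread, a variable-length read from the PRNG and a hash over the bytes so raw PRNG output never reaches the client, as an added illustration in Python; this is not PHP's session module and the byte-count bounds, the digest and the `rng`/`rand_len` injection points are constructed for the example.

```python
import hashlib
import secrets

# Constructed bounds for the illustration; PHP's session module uses its
# own sizes and code paths. Each ID consumes between MIN_BYTES and
# MAX_BYTES of PRNG output, so an observer cannot tell from one ID how
# far the PRNG advanced.
MIN_BYTES = 32
MAX_BYTES = 48


def digest_id(raw: bytes, id_hex_len: int) -> str:
    """Hash layer: only a digest of the PRNG output is ever emitted.

    If the PRNG were later found to leak state through its output, the
    client still only sees SHA-256(output), not the output itself.
    """
    return hashlib.sha256(raw).hexdigest()[:id_hex_len]


def generate_session_id(rng=secrets.token_bytes,
                        rand_len=secrets.randbelow,
                        id_hex_len: int = 32) -> str:
    """Variable-length read followed by hashing.

    `rng(n)` must return exactly n bytes; `rand_len(k)` returns an int in
    [0, k). Both default to the `secrets` module (os.urandom underneath)
    and are injectable so the function can be exercised with a fixed
    source in tests.
    """
    n = MIN_BYTES + rand_len(MAX_BYTES - MIN_BYTES + 1)
    raw = rng(n)
    # A short read must never silently produce a low-entropy ID.
    if len(raw) != n:
        raise RuntimeError("short read from PRNG: wanted %d, got %d" % (n, len(raw)))
    return digest_id(raw, id_hex_len)


if __name__ == "__main__":
    print(generate_session_id())
```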