Message-ID: <CAKws9z2Zhnf+xGOa3S89S=Di8Qz2if=rPfbrjJsoX=ihWCbzZQ@mail.gmail.com>
Date: Tue, 9 Jun 2015 20:44:16 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: fulldisclosure@...lists.org
Subject: [FD] 2 vulns 1 line in RNCryptor (PHP) + Call to Action
Hi Full Disclosure,

From their page (https://rncryptor.github.io):

> RNCryptor is a data format specification for AES encryption, with AES-256,
> random-salted PBKDF2, AES-CBC, random IV, and HMAC. It has implementations
> in several languages.

Their PHP implementation has two vulnerabilities in the same line of code,
which looks like this:

    return ($components->hmac == $this->_generateHmac($components, $hmacKey));

The issues here:
1. A timing side-channel.
2. Use of the == operator can treat strings as floats, depending on the
input
We have opened a Github issue about this and recommend a simple patch:
https://github.com/RNCryptor/RNCryptor-php/issues/5
*A Call to Action about Cryptography in PHP Applications:*
If anyone is serious about encrypting information in a PHP application,
please install libsodium from PECL and use that. Libsodium can already be
used in most popular programming languages, so a cross-platform concern
(what RNCryptor sought to fulfill) is already solved.
Of course, please do ask your resident cryptography experts if you're
unsure of this advice. They should, in all likelihood, agree that it's
far better than any PHP cryptography. Especially any that rely on the
abandonware mcrypt extension:
https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong
If you can't use PECL, you have two good options (neither of which, to my
knowledge, has a cross-platform implementation in other popular languages):
- https://github.com/defuse/php-encryption
- https://github.com/zendframework/zend-crypt
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
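
The two issues named in the message (numeric-string handling by `==` and a non-constant-time comparison), shown as an added example that is not part of the original post or of RNCryptor's code. The function name `verifyMac`, the key, the message and the tag strings are constructed for illustration.

```php
<?php
// Constructed sample values, not RNCryptor output: two different strings
// that PHP treats as numeric ("0e<digits>" parses as 0 x 10^n = 0.0).
$expectedMac = '0e12345678';
$suppliedMac = '0e87654321';

// Pattern from the quoted line: == sees two numeric strings and compares
// them as floats, so strings with different bytes are reported as equal.
// It also gives no guarantee about comparison time.
$looseResult = ($suppliedMac == $expectedMac);

// hash_equals() (PHP >= 5.6) compares the operands byte for byte as
// strings; for equal-length inputs its running time does not depend on
// the position of the first differing byte.
$safeResult = hash_equals($expectedMac, $suppliedMac);

printf("==          : %s\n", var_export($looseResult, true));
printf("hash_equals : %s\n", var_export($safeResult, true));

// Hypothetical verifier (names are assumptions, not RNCryptor's API).
function verifyMac($message, $suppliedMac, $key)
{
    $calculated = hash_hmac('sha256', $message, $key, true); // raw bytes
    if (!is_string($suppliedMac)) {
        return false; // hash_equals() only accepts strings
    }
    // Known (calculated) value first, user-supplied value second.
    return hash_equals($calculated, $suppliedMac);
}

$key = str_repeat("\x0b", 32);           // constructed demo key
$msg = 'constructed ciphertext bytes';   // constructed demo message
$goodMac = hash_hmac('sha256', $msg, $key, true);
$badMac = $goodMac;
$badMac[31] = chr(ord($badMac[31]) ^ 0x01); // flip one bit in the last byte

printf("valid tag   : %s\n", var_export(verifyMac($msg, $goodMac, $key), true));
printf("altered tag : %s\n", var_export(verifyMac($msg, $badMac, $key), true));
```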