| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Jan 2016 16:53:31 -0500
From: Scott Arciszewski <scott@...agonie.com>
To: fulldisclosure@...lists.org
Subject: [FD] CCA on CoreProc/crypto-guard and an Appeal to PHP Programmers
Hi Full Disclosure Readers,
Let's jump right into the vulnerability:
In May of last year, I reported to CryptoGuard that their cryptography
wasn't guarding against chosen-ciphertext attacks, which is the sort of
oversight that would allow me to intercept a ciphertext message then keep
feeding it back into the decryption process with slight alterations until I
recovered the plaintext.
https://github.com/CoreProc/crypto-guard/issues/1
And then several months passed, and I forgot it even existed. I got a
notification last night that they closed the issue, and eagerly tagged a
v1.0.0 release. So I looked again a bit more carefully and I discovered
that they were using their IV as an HMAC key.
https://github.com/CoreProc/crypto-guard/issues/3
Experienced infosec folks are probably expecting me to say, "Don't roll
your own crypto." And they're half right. You probably shouldn't write your
own crypto code, be it for encrypting text, storing passwords, or storing
all of your session state in a cookie (shudder). But I've come to realize
that telling programmers not to write crypto is like telling teenagers to
practice abstinence.
Instead, I implore you to follow the advice of Taylor Hornby (Defuse
Security, Crackstation, CryptoFails, etc.):
http://www.cryptofails.com/post/75204435608/write-crypto-code-dont-publish-it
Crypto Amateurs: Write Crypto Code! Don't Publish It!
-----------------------------------------------------
Publishing crypto code means either publishing it online or deploying it in
production. There are risks associated with both.
* Deploying: You've just deployed vulnerable code to your company's server.
Well done.
* Publishing: You've left another land mine for other developers to
accidentally step on.
The above CryptoGuard library? People not only use it, they actively
recommend it to other developers.
* http://stackoverflow.com/a/27497122/2224584
* http://stackoverflow.com/a/27471590/2224584
* http://stackoverflow.com/q/28700653/2224584
Earlier this year I found a dubious attempt to port GnuPG to PHP:
https://github.com/jasonhinkle/php-gpg
To make a long story short, here's someone asking for advice on how to
integrate with it: https://twitter.com/Raed667/status/666037143224102912
I'd like to propose the following workflow (Pastebin:
http://pastebin.com/raw/1ap1dX4z)
.-------,
| START | .-----------,
`---+---' | OK, cool. |<,
| .---------------------, '----+------' |
'-------->+ Am I rolling my own +----------------' |
| cryptography? | No |
'----------+----------' |
| Yes |
v |
.---------------+---------------. | OK
| Do I have enough money in my | .------------+-------------,
| project's budget allocated to +------->| You should do that then. |
| hire a cryptography expert to | Yes `--------------------------'
| review my implementation? |
`---------------+---------------'
| No
v
.-----------------------------,
| Don't publish or deploy it. |
`-----------------------------'
I hope you find my proposal to be sane and reasonable enough to adhere to,
for the sake of your own applications.
Please share this flowchart with every (especially but necessarily PHP)
programmer you know until these mistakes are eradicated and/or sufficiently
discouraged.
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists