Message-ID: <CAKws9z2psDS2P25SOykpaR0QUiMZd1Pe1q4Q3ia_YyXXh-ptGQ@mail.gmail.com>
Date: Sat, 16 Jan 2016 03:15:53 -0500
From: Scott Arciszewski <scott@...agonie.com>
To: oss-security@...ts.openwall.com, fulldisclosure@...lists.org
Subject: [FD] It essentially wins crypto vulnerability bingo!
	gilfether/phpcrypt

Consider this email the spiritual successor to my most recent post on Full
Disclosure (http://seclists.org/fulldisclosure/2016/Jan/50).

Today, we're going to talk about this library:
https://github.com/gilfether/phpcrypt/issues/6

Let's go down the list:

- [x] Wrote their own block cipher implementation
- [x] ...in PHP...
- [x] ...and forgot to account for function overloading!
- [x] Chosen-ciphertext attacks (The existence for which is almost implied
by "PHP crypto". Almost.)
- [x] Defaults to a weak random number generator (32 bits of entropy is
enough for AES right?)
- [x] Defaults to ECB mode (https://blog.filippo.io/the-ecb-penguin/)
- [x] Offers a laundry list of ciphers available, some of which are stupid
- [x] ...like SimpleXOR (remember JCrypt?), Vigenere, and Enigma!

Yep, this is almost as bad as it gets. I've attempted to notify everyone on
GitHub who used this library, but there might be some people who do that
aren't on GitHub. Please spread the word: migrate away from homebrew PHP
cryptography.

Like most "pure PHP" cryptography projects, this code is pure security
theater. There is no salvaging it.

For PHP developers who would otherwise be left out in the rain by this
disclosure, here are some PHP cryptography libraries that do it right:

1. https://github.com/jedisct1/libsodium-php (HIGHLY recommended!)
2. https://github.com/defuse/php-encryption (recommended!)
3. https://github.com/paragonie/halite (requires #1)
4. https://github.com/paragonie/EasyRSA (reluctantly included for people
that really believe they need RSA)

(Details:
https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide
)

Seriously, folks: Writing cryptography primitives or protocols is hazardous
in any language. Even if you have a mathematics background.

If you can't afford to hire a cryptography expert to audit your library
before you publish it, you should seriously consider using one that the
community has already reviewed for free.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

P.S. MITRE, if you're not busy, could you slap a CVE on the issues? This
library actually gets a fair bit of use (though hopefully not for long).

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
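The following is an added example, not code from the post author or from the phpcrypt project, illustrating two points from the checklist above in working PHP: why an ECB default leaks plaintext structure (equal plaintext blocks produce equal ciphertext blocks, which a reviewer can count) and what the recommended replacement looks like, using the libsodium-php extension (sodium_crypto_secretbox, random nonce, key from sodium_crypto_secretbox_keygen) so that a modified ciphertext is rejected instead of decrypted. It assumes PHP 7.2 or later with the openssl and sodium extensions loaded; the sample plaintext and the function names ecbRepeatedBlocks, sealMessage and openMessage are constructed for this example.

```php
<?php
declare(strict_types=1);

// Added example (assumption: PHP >= 7.2 with ext/openssl and ext/sodium).
// Not code from gilfether/phpcrypt or from the post author.

// Review check for an ECB default: count ciphertext blocks that repeat.
// ECB encrypts each 16-byte block independently, so identical plaintext
// blocks become identical ciphertext blocks and the structure leaks.
function ecbRepeatedBlocks(string $plaintext, string $key): int
{
    $ct = openssl_encrypt($plaintext, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
    if ($ct === false) {
        throw new RuntimeException('openssl_encrypt failed');
    }
    $blocks = str_split($ct, 16);
    // Default array_unique compares as strings, which is what we want for raw bytes.
    return count($blocks) - count(array_unique($blocks));
}

// Recommended replacement: authenticated encryption with a random nonce.
// The 256-bit key comes from the CSPRNG, never from a 32-bit seeded PRNG.
function sealMessage(string $plaintext, string $key): string
{
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new InvalidArgumentException('key must be SODIUM_CRYPTO_SECRETBOX_KEYBYTES long');
    }
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Nonce is not secret; prepend it so the receiver can recover it.
    return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
}

// Returns the plaintext, or null when the message is truncated or fails
// authentication. No partial plaintext is ever released on failure, which
// is what closes the chosen-ciphertext problem an unauthenticated mode has.
function openMessage(string $sealed, string $key): ?string
{
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($sealed) < $minLen) {
        return null;
    }
    $nonce = substr($sealed, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ct    = substr($sealed, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $pt = sodium_crypto_secretbox_open($ct, $nonce, $key);
    return $pt === false ? null : $pt;
}

// Constructed sample input: four identical 16-byte blocks.
$sample = str_repeat('ATTACK AT DAWN!!', 4);

// ECB: repeated blocks show up directly in the ciphertext.
$ecbKey = random_bytes(16);
printf("ECB repeated ciphertext blocks: %d\n", ecbRepeatedBlocks($sample, $ecbKey));

// Secretbox: round trip works, and a single flipped byte is rejected.
$key    = sodium_crypto_secretbox_keygen();
$sealed = sealMessage($sample, $key);
printf("round trip ok: %s\n", openMessage($sealed, $key) === $sample ? 'yes' : 'no');

$tampered = $sealed;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
printf("tampered message rejected: %s\n", openMessage($tampered, $key) === null ? 'yes' : 'no');

sodium_memzero($key);
```

Run it with `php example.php`. For the sample above the ECB count is non-zero on every run while the secretbox section reports a successful round trip and a rejected tampered message; the same ECB counting check is a cheap way to confirm, during a review, that a library's default mode actually is what its documentation claims.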
