Hi Andrey,
On Fri, Feb 21, 2014 at 8:25 PM, Andrey Andreev <[email protected]> wrote:
> On Thu, Feb 20, 2014 at 11:17 PM, Yasuo Ohgak
> Nobody has to guess the id length, as my quote below says: an attacker
> experienced enough to do timing attacks will always send a string with
> the full length.
> They do not have to know any secret, nor would they care if one
> exists. Your "id length" check will only "protect" you from a 13-year
> old using some brute-force script that they just found.
>
If underlying storage does liner search, you are right.
I was thinking this for mm handler, but it's useless if there is liner
search :(
Instead of having this, we should advise users to use good hash index.
>> >3 reasons.
> >> > - Hash used by session may fallback to SHA-1 from SHA-256
> >>
> >> What?! Why would that happen?
> >
> >
> > ext/hash could be DL module. There is #if for this case.
>
> This is a more serious flaw than the one you're trying to protect
> against. I'd suggest one of the following:
>
> - Force ext/hash to be dynamically loaded when session wants to use it.
> - Not give the ability to disable the extension at all.
> - Emit E_WARNING when a user tries to use an unavailable algorithm.
>
> Actually, the last one should be done anyway, IMO.
>
OK. Third one seems the one to me, too.
- hash_bits_per_character will be removed from the RFC.
- Possible issue with ID length change will be documented.
- "id_length" will be removed. User should use hash index search.
- Raise error when hash function is not available.
Raising error seems not good...
If hash extension is available always, it might be easier for other module,
too.
Do not allow DL/disabling hash extension, perhaps?
Regards,
--
Yasuo Ohgaki
[email protected]