Date: Sat, 16 Jan 2016 03:15:53 -0500
From: Scott Arciszewski <scott@...agonie.com>
To: oss-security@...ts.openwall.com, fulldisclosure@...lists.org
Subject: It essentially wins crypto vulnerability bingo! gilfether/phpcrypt

Consider this email the spiritual successor to my most recent post on Full
Disclosure (http://seclists.org/fulldisclosure/2016/Jan/50).

Today, we're going to talk about this library:
https://github.com/gilfether/phpcrypt/issues/6

Let's go down the list:

- [x] Wrote their own block cipher implementation
- [x] ...in PHP...
- [x] ...and forgot to account for function overloading!
- [x] Chosen-ciphertext attacks (The existence of which is almost implied
by "PHP crypto". Almost.)
- [x] Defaults to a weak random number generator (32 bits of entropy is
enough for AES right?)
- [x] Defaults to ECB mode (https://blog.filippo.io/the-ecb-penguin/)
- [x] Offers a laundry list of ciphers available, some of which are stupid
- [x] ...like SimpleXOR (remember JCrypt?), Vigenere, and Enigma!

Yep, this is almost as bad as it gets. I've attempted to notify everyone on
Github who used this library, but there might be some people who do that
aren't on Github. Please spread the word: migrate away from homebrew PHP
cryptography.

Like most "pure PHP" cryptography projects, this code is pure security
theater. There is no salvaging it.

For PHP developers who would otherwise be left out in the rain by this
disclosure, here are some PHP cryptography libraries that do it right:

1. https://github.com/jedisct1/libsodium-php (HIGHLY recommended!)
2. https://github.com/defuse/php-encryption (recommended!)
3. https://github.com/paragonie/halite (requires #1)
4. https://github.com/paragonie/EasyRSA (reluctantly included for people
that really believe they need RSA)

(Details:
https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide
)

Seriously, folks: Writing cryptography primitives or protocols is hazardous
in any language. Even if you have a mathematics background.

If you can't afford to hire a cryptography expert to audit your library
before you publish it, you should seriously consider using one that the
community has already reviewed for free.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

P.S. MITRE, if you're not busy, could you slap a CVE on the issues? This
library actually gets a fair bit of use (though hopefully not for long).
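
The ECB-default and unauthenticated-ciphertext items from the checklist above, shown next to the libsodium alternative the post recommends. This is an added example, not part of the original post and not phpcrypt's code; it assumes PHP 7.2+ with the openssl and sodium extensions, and `repeatedBlocks()` and the sample plaintext are constructed for illustration.

```php
<?php
// Added illustration (not phpcrypt code). Assumes PHP 7.2+ with the
// openssl and sodium extensions loaded.

// Hypothetical helper: count ciphertext blocks that repeat an earlier block.
function repeatedBlocks(string $ciphertext, int $blockSize = 16): int
{
    $blocks = str_split($ciphertext, $blockSize);
    return count($blocks) - count(array_unique($blocks));
}

// Constructed sample input: four identical 16-byte plaintext blocks.
$plaintext = str_repeat('ATTACK AT DAWN!!', 4);

// ECB encrypts every block independently under the same key, so equal
// plaintext blocks yield equal ciphertext blocks and the structure of the
// message leaks. Nothing in the output authenticates it either.
$ecbKey = random_bytes(16);
$ecb = openssl_encrypt($plaintext, 'aes-128-ecb', $ecbKey, OPENSSL_RAW_DATA);
printf("ECB repeated blocks:       %d\n", repeatedBlocks($ecb));

// libsodium secretbox: key and nonce come from the OS CSPRNG via
// random_bytes(), and the output carries an authentication tag.
$key   = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$box   = sodium_crypto_secretbox($plaintext, $nonce, $key);
printf("secretbox repeated blocks: %d\n", repeatedBlocks($box));

// Flip one bit of the ciphertext. Authenticated decryption refuses the
// modified message (returns false) instead of handing back altered
// plaintext, which is what shuts down chosen-ciphertext tampering.
$tampered    = $box;
$tampered[0] = $tampered[0] ^ "\x01";
$opened      = sodium_crypto_secretbox_open($tampered, $nonce, $key);
printf("tampered message rejected: %s\n", $opened === false ? 'yes' : 'no');

// The untouched message still decrypts to the original plaintext.
$ok = sodium_crypto_secretbox_open($box, $nonce, $key);
printf("original round-trips:      %s\n", $ok === $plaintext ? 'yes' : 'no');
```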
