Full Disclosure mailing list archives

2 vulns 1 line in RNCryptor (PHP) + Call to Action


From: Scott Arciszewski <scott () paragonie com>
Date: Tue, 9 Jun 2015 20:44:16 -0400

Hi Full Disclosure,

From their page (https://rncryptor.github.io):

RNCryptor is a data format specification for AES encryption, with AES-256,
random-salted PBKDF2, AES-CBC, random IV, and HMAC. It has implementations
in several languages.


Their PHP implementation has two vulnerabilities in the same line of code,
which looks like this:

return ($components->hmac == $this->_generateHmac($components, $hmacKey));

The issues here:

1. A timing side-channel.
2. Use of the == operator can treat strings as floats, depending on the input.

We have opened a Github issue about this and recommend a simple patch:
https://github.com/RNCryptor/RNCryptor-php/issues/5

*A Call to Action about Cryptography in PHP Applications:*

If anyone is serious about encrypting information in a PHP application,
please install libsodium from PECL and use that. Libsodium can already be
used in most popular programming languages, so a cross-platform concern
(what RNCryptor sought to fulfill) is already solved.

Of course, please do ask your resident cryptography experts if you're
unsure of this advice. They should, in all likelihood, agree that it's
far better than any PHP cryptography. Especially any that rely on the
abandonware mcrypt extension:
https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong

If you can't use PECL, you have two good options (neither of which, to my
knowledge, has a cross-platform implementation in other popular languages):

   - https://github.com/defuse/php-encryption
   - https://github.com/zendframework/zend-crypt


Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
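
The two problems listed in the post, shown next to a strict constant-time comparison. This is an added example, not RNCryptor's code and not the patch from the linked issue; the function names, key and sample values are constructed for illustration.

```php
<?php
// Added example. Function names, key and messages are constructed.

// Same shape as the line quoted in the post: loose comparison of two MAC strings.
function verifyLoose($received, $expected)
{
    return $received == $expected;
}

// Hardened form: reject non-strings, then compare in constant time.
// hash_equals() is built in from PHP 5.6 onward.
function verifyStrict($received, $expected)
{
    if (!is_string($received) || !is_string($expected)) {
        return false;
    }
    return hash_equals($expected, $received);
}

// 1. Type juggling: both values are numeric strings ("0e..." reads as 0 x 10^n),
//    so == compares them as floats and reports a match even though the
//    strings differ. The strict comparison reports a mismatch.
$a = '0e' . str_repeat('1', 62);
$b = '0e' . str_repeat('2', 62);
var_dump(verifyLoose($a, $b));
var_dump(verifyStrict($a, $b));

// 2. Normal use: a recomputed HMAC-SHA256 tag verifies for the same message
//    and fails for a modified one.
$key = str_repeat("\x0b", 32); // constructed key
$tag = hash_hmac('sha256', 'message', $key);
var_dump(verifyStrict($tag, hash_hmac('sha256', 'message', $key)));
var_dump(verifyStrict($tag, hash_hmac('sha256', 'messagf', $key)));
```

The timing side-channel is not measured here; hash_equals() addresses it by taking the same time regardless of where the first differing byte falls.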

