WebApp Sec mailing list archives

Re: Cryptographically Generated Cookies


From: "Andy Steingruebl" <steingra () gmail com>
Date: Wed, 12 Dec 2007 19:07:24 -0800

On Dec 9, 2007 7:58 AM, Paul Johnston <paj () pajhome org uk> wrote:
> Hi,
>
> People have talked a lot about storing data on the client and
> cryptographically generating cookies.
>
> My recommendation for security is to not do either. All you store on the
> client is a session ID - a 128-bit random number (plus a CSRF token
> where needed). Any data is stored on the server side, keyed by the
> session ID. This is the most secure approach, but it needs a lot of
> database access on the server.

Barring other types of attacks the work-factor to attack these two is
roughly identical.

 1. Brute force the key used to encrypt the cookie
 vs.
 2. Brute force the session-id

Now, admittedly #1 can be done offline while #2 can only be done
online.  That said, it's roughly the same number of operations.  On a
site that has a large number of active sessions, you might get lucky
and come up with a valid session.  Or, you might get lucky and brute
force the key used to encrypt the cookie.

An ideal scheme to protect the cookie then might rely on a per-user
key, or at least a key that rotates relatively frequently so that it
isn't valid for a lot more time than the cookie itself.  If you also
do an HMAC for the cookie and use a different key (good practice) then
even a successful brute force on the encryption key doesn't
necessarily buy you a lot since you can't tamper with the data.

For large sites that are geographically distributed, a shared-nothing
approach with the client maintaining most/all of the state can be
quite preferable and can be achieved reasonably securely.

-- 
Andy Steingruebl
steingra () gmail com
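The integrity half of the scheme Andy describes (a keyed HMAC over the client-side state, under a key that can rotate), as an added example that is not from the thread. Assumptions: a constructed key ring keyed by key id, a JSON payload, a fixed TTL, and no encryption layer (a separate encryption key could be applied under the MAC in encrypt-then-MAC order; it is left out to keep the block standard-library only).

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed key ring (assumption): key id -> HMAC key. Keeping the previous
# key live lets keys rotate without invalidating cookies still in flight;
# a retired key should outlive COOKIE_TTL and then be dropped from the ring.
MAC_KEYS = {
    "k1": secrets.token_bytes(32),  # previous key, still accepted
    "k2": secrets.token_bytes(32),  # current key, used for new cookies
}
CURRENT_KEY_ID = "k2"
COOKIE_TTL = 15 * 60  # seconds a cookie stays valid

def b64encode_url(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64decode_url(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_cookie(state, now=None):
    """Serialise client-side state with an expiry and sign it: kid.payload.tag"""
    now = time.time() if now is None else now
    body = dict(state, exp=int(now) + COOKIE_TTL)
    payload = b64encode_url(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())
    # The tag covers the key id too, so a tag made under one key cannot be
    # presented against a different key id.
    signed = f"{CURRENT_KEY_ID}.{payload}".encode()
    tag = hmac.new(MAC_KEYS[CURRENT_KEY_ID], signed, hashlib.sha256).digest()
    return f"{CURRENT_KEY_ID}.{payload}.{b64encode_url(tag)}"

def verify_cookie(cookie, now=None):
    """Return the state dict if the tag verifies and the cookie is unexpired, else None."""
    now = time.time() if now is None else now
    try:
        kid, payload, tag = cookie.split(".")
        key = MAC_KEYS[kid]  # unknown or retired key id raises KeyError
        expected = hmac.new(key, f"{kid}.{payload}".encode(), hashlib.sha256).digest()
        # Constant-time comparison; verify the tag before trusting the payload.
        if not hmac.compare_digest(expected, b64decode_url(tag)):
            return None
        body = json.loads(b64decode_url(payload))
        if body.get("exp", 0) < now:
            return None
        body.pop("exp")
        return body
    except (ValueError, KeyError):
        return None
```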


