Use OpenSSL instead of Mcrypt in the examples #7934
Conversation
session/proxy_examples.rst
Outdated
| @@ -110,12 +110,12 @@ and decrypt the session as required:: | |||
| { | |||
| $data = parent::read($id); | |||
|
|
|||
| return mcrypt_decrypt(\MCRYPT_3DES, $this->key, $data); | |||
| return openssl_decrypt($data, \OPENSSL_ALGO_SHA1, $this->key); | |||
There was a problem hiding this comment.
SHA1 is a Hash algorithm, you cannont use it to encrypt/decrypt purpose
There was a problem hiding this comment.
Which algo should we use instead?
There was a problem hiding this comment.
I would actually recommend to use LibSodium instead of OpenSSL, encryption is a specialty that is hard to get right, LibSodium makes this as easy as possible. Alternatively you can use https://github.com/defuse/php-encryption which provide a developer friendly (and very secure) API on-top of OpenSSL.
https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong
https://paragonie.com/blog/2015/05/using-encryption-and-authentication-correctly
There was a problem hiding this comment.
@sstok I'm not sure we can do that, because this should work out-of-the-box in all/mosts PHP versions, so we can't use external libs.
There was a problem hiding this comment.
If you can't use LibSodium I would recommend https://github.com/defuse/php-encryption (uses OpenSSL internally), yes it's PHP 5.4, and Symfony 2.7 still supports PHP 5.3, but from the point of security using an old unmaintained PHP version is already a horrible idea (TM).
It all depends on the level of security you want to provide, 3DES is horrible insecure (for many years). Using OpenSSL without proper padding, authentication (crypto authentication) or IV generating, your data is still encrypted. But it becomes easier to break the encryption and leaking sensitive information, and potentially making it possible change the underlying data https://paragonie.com/blog/2015/05/using-encryption-and-authentication-correctly#title.2.1 and thus compromising the trust level of your security.
As this is only used for session data (server-side) the risk smaller, but still existent.
Not to mention using this example and assuming it's safe 🙀.
For the purpose of an example I think it's best to provide a simple example (using OpenSSL) with a big warning that this is only meant as an example and it should not be used for an actual implementation, and providing links with information on how to do this safely 👍
There was a problem hiding this comment.
@sstok Thanks for navigating this with us :). So PHP deprecated mcrypt "in favour of OpenSSL"... but there's really no simple way to actually use OpenSSL? If so, that sucks!
If https://github.com/defuse/php-encryption is "just as good" as LibSodium, I'd rather show it being used. I don't think we need to cover its installation, just show how the end-code would look and link to it (and say it's one encryption example). After all, if you're trying to secure your session data, you obviously care about security and are ok with doing some work to get things setup properly. As long as we show a secure example (even if it takes some setup), we're on solid ground.
There was a problem hiding this comment.
Don't we really have a choice to solve this problem using pure PHP code (no libraries)? Let's remember that we're "just" encrypting some "silly" session data, not the nuclear launch codes. Thanks!
There was a problem hiding this comment.
Just an example.
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('AES-256-CFB'), true);
return [
'iv' => $iv,
'encrypted' => openssl_encrypt($data, 'AES-256-CFB', $key, true, $iv)
];There was a problem hiding this comment.
Good enough as an example or session.
But not failure proof for corruption. Because "changing" the iv could produce a garbage/altered result and you would never notice, that's why authenticated encryption is so important, even if the risk is minimal here. You would still want to have a simple MAC to prevent (file-system) corruptions from breaking the application.
|
I finally updated the example to use the https://github.com/defuse/php-encryption library as suggested by Ryan. Thanks! |
|
Thank you @javiereguiluz. |
…luz) This PR was squashed before being merged into the 2.7 branch (closes #7934). Discussion ---------- Use OpenSSL instead of Mcrypt in the examples This fixes #7925. Some comments: * openssl_*() functions are not documented on php.net (see http://php.net/manual/en/function.openssl-decrypt.php) so I used this article as a reference: http://thefsb.tumblr.com/post/110749271235/using-opensslendecrypt-in-php-instead-of * I think we don't need to use the `OPENSSL_RAW_DATA` or `OPENSSL_ZERO_PADDING` options ... but I'd like someone to verify this. * I can't find an equivalent of `\MCRYPT_3DES` so I used `\OPENSSL_ALGO_SHA1`. I'm not sure if that's correct. Commits ------- d6260a1 Use OpenSSL instead of Mcrypt in the examples
This fixes #7925. Some comments:
OPENSSL_RAW_DATAorOPENSSL_ZERO_PADDINGoptions ... but I'd like someone to verify this.\MCRYPT_3DESso I used\OPENSSL_ALGO_SHA1. I'm not sure if that's correct.