Updated: Comment #5

Problem/Motivation

Drupal core has occurrences of mt_rand() function

Crypt::hashBase64(uniqid(mt_rand(), TRUE) . mt_rand())
Crypt::hashBase64(uniqid(mt_rand(), TRUE))
Crypt::hashBase64(uniqid(mt_rand(), TRUE) . Crypt::randomString())

The initial reasoning was to have "safe" and "unsafe" random ids: "safe" are generated from the strong random source, "unsafe" are generated from mt_rand() directly, with some slight (but completely undefined) entropy added by uniqid().

Proposed resolution

Crypt::hashBase64(uniqid(mt_rand(), TRUE) . mt_rand())
Crypt::hashBase64(uniqid(mt_rand(), TRUE))
Crypt::hashBase64(uniqid(mt_rand(), TRUE) . Crypt::randomString())

can be changed to

Crypt::randomStringHashed()

The reasons for this change are

  • In PHP, mt_rand() Is a very weak RNG, mostly because its state is not *that* hard to guess (the generator is seeded from values - the request time, the PID of the PHP process
  • Neither mt_rand() nor uniqid() should reasonably be used in a context where security is expected. Check out this blog post for more information.

Remaining tasks

The remaining tasks are

  • The patch is ready for security team to RTBC

Original report by [username]

Any reason:

Crypt::hashBase64(uniqid(mt_rand(), TRUE) . mt_rand())
Crypt::hashBase64(uniqid(mt_rand(), TRUE))
Crypt::hashBase64(uniqid(mt_rand(), TRUE) . Crypt::randomString())

Couldnt turn to

Crypt::randomStringHashed()

amd just work? or objections?

The initial reasoning was to have "safe" and "unsafe" random ids: "safe" are generated from the strong random source, "unsafe" are generated from mt_rand() directly, with some slight (but completely undefined) entropy added by uniqid().

This reasoning doesn't really hold: in PHP, mt_rand() Is a very weak RNG, mostly because its state is not *that* hard to guess (the generator is seeded from values - the request time, the PID of the PHP process, etc. - that are partially observable and not very random). We should (but we don't) seed the generator with strong values before using it. And at this point, the performance difference between generating random bytes from mt_rand() and reading them (in a 8k batch) directly from /dev/urandom is not going to make a difference for us.

So, I would recommend getting rid of all the mt_rand() and the uniqid() in core, and be done with it.

CommentFileSizeAuthor
#4 drupal_core-crypt_random_string_hashed-1985940-4.patch3.36 KBAnonymous (not verified)

Comments

ircmaxell’s picture

ircmaxell commented

For what it's worth, I agree 100%. Neither mt_rand() nor uniqid() should reasonably be used in a context where security is expected. Check out this blog post for more information.

I would definitely recommend switching to a mcrypt/openssl//dev/urandom based system for those random entropy needs.

dcam’s picture

dcam commented
Issue tags: +Needs issue summary update

http://drupal.org/node/1427826 contains instructions for updating the issue summary with the summary template.

tim.plunkett’s picture

tim.plunkett
he/him
Primary language English
Location Philadelphia
commented

This either needs to happen soon, or it won't happen in D8.

Anonymous’s picture

Anonymous (not verified) commented
Status: Active » Needs review
StatusFileSize
new drupal_core-crypt_random_string_hashed-1985940-4.patch3.36 KB

Fix for 1985940

Crell’s picture

Crell commented
Issue tags: +Needs security review

The code looks fine to me visually, but someone from the sec team should RTBC this.

a_thakur’s picture

a_thakur commented
Issue summary: View changes
Issue tags: -Needs issue summary update
Related issues:

Removed https://drupal.org/node/777210 as related issues. This node gives access denied.

a_thakur’s picture

a_thakur commented
Issue summary: View changes
a_thakur’s picture

a_thakur commented
Issue summary: View changes
a_thakur’s picture

a_thakur commented

Updated Issue Summary.

damien tournoud’s picture

damien tournoud commented
Status: Needs review » Closed (duplicate)
Related issues: +#2140433: Port SA-CORE-2013-003 to Drupal 8

We handled this as part of SA-CORE-2013-003 for Drupal 6 and 7.