Home / vulnerabilitiesPDF  

RNCryptor Timing Issue

Posted on 11 June 2015
Source : packetstormsecurity.org Link

 

Hi Full Disclosure,

>From their page (https://rncryptor.github.io):

RNCryptor is a data format specificiation for AES encryption, with AES-256,
> random-salted PBKDF2, AES-CBC, random IV, and HMAC. It has implementations
> in several languages.

Their PHP implementation has two vulnerabilities in the same line of code,
which looks like this:

return ($components->hmac == $this->_generateHmac($components, $hmacKey));

The issues here:

1. A timing side-channel.
2. Use of the == operator can treat strings as floats, depending on the
input

We have opened a Github issue about this and recommend a simple patch:
https://github.com/RNCryptor/RNCryptor-php/issues/5

*A Call to Action about Cryptography in PHP Applications:*

If anyone is serious about encrypting information in a PHP application,
please install libsodium from PECL and use that. Libsodium can already be
used in most popular programming languages, so a cross-platform concern
(what RNCryptor sought to fulfill) is already solved.

Of course, please do ask your resident cryptography experts if you're
unsure of this advice. They should, with all likelihood, agree that it's
far better than any PHP cryptography. Especially any that rely on the
abandonware mcrypt extension:
https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong

If you can't use PECL, you have two good options (neither of which, to my
knowledge, has a cross-platform implementation in other popular languages):

- https://github.com/defuse/php-encryption
- https://github.com/zendframework/zend-crypt

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

 

TOP