Ruby Issue Tracking System: Issues (https://bugs.ruby-lang.org/)
Backport191 - Bug #1767 (Closed): cgi/session/pstore generating filenames with to less randomness
https://bugs.ruby-lang.org/issues/1767
2009-07-13T08:29:09Z
ckruse (Christian Kruse), cjk@wwwtech.de
<p>Hi there,</p>
<p>After looking through the code of cgi/session/pstore.rb of Ruby 1.9.1 I noticed how filenames are created. In lines 48 ff. an MD5 digest is generated over the session id and then the first 16 bytes of the hex string representation of the checksum are used as the filename (together with a prefix).</p>
<pre>48 id = session.session_id
49 require 'digest/md5'
50 md5 = Digest::MD5.hexdigest(id)[0,16]
51 path = dir+"/"+prefix+md5</pre>
<p>While I understand that one cannot use a full-blown SHA512 hash due to the restrictions of the filename, I really don't understand why one would do something like that. Since MD5 is already considered weak, the count of possible hashes generated by this method is shortened by 50%. It seems pretty clear to me that this makes the algorithm vulnerable to several collision attacks for session hijacking; the attacker doesn't have to get the full MD5 hash, he only has to get the HALF MD5 hash to hijack the session.</p>
<p>With the additional known collisions for the MD5 algorithm itself I think it would be relatively easy to hijack the session just by intelligent brute force.</p>
<p>Greetings,<br>
CK</p>