Bug #1767
closed
cgi/session/pstore generating filenames with to less randomness
Description
=begin
Hi there,
after looking through the code of cgi/session/pstore.rb of ruby 1.9.1 I noticed how filenames are created. Line 48 ff a md5 digest is generated over the session id and then the first 16 bytes of the hex string representation of the checksum are used as the filename (together with a prefix).
48 id = session.session_id
49 require 'digest/md5'
50 md5 = Digest::MD5.hexdigest(id)[0,16]
51 path = dir+"/"+prefix+md5
While I undestand that one cannot use a full blown SHA512 hash due to the restrictions of the filename, I really don't understand to do something like that. Since MD5 already is considered weak, the count of possible hashes generated by this method are shortened by 50%. It seems to be pretty clear to me that this makes the algorithm vulnerable to several collision attacks for session hijacking; the attacker doesn't has to get the full MD5 hash, he only has to get the HALF MD5 hash to hijack the session.
With the additional known collisions for the MD5 algorithm itself I think it would be relatively easy to hijack the session just bei intelligent brute force.
Greetings,
CK
=end
Updated by xibbar (Takeyuki FUJIOKA) over 15 years ago
- Assignee set to xibbar (Takeyuki FUJIOKA)
=begin
=end
Updated by shyouhei (Shyouhei Urabe) over 14 years ago
- Status changed from Open to Assigned
=begin
=end
Updated by jeremyevans0 (Jeremy Evans) over 5 years ago
- Description updated (diff)
- Status changed from Assigned to Closed