Project

General

Profile

Actions

Bug #1767

closed

cgi/session/pstore generating filenames with to less randomness

Added by ckruse (Christian Kruse) almost 15 years ago. Updated over 4 years ago.

Status:
Closed
ruby -v:
ruby 1.9.1p129 (2009-05-12 revision 23412) [x86_64-linux]
[ruby-core:24297]

Description

=begin
Hi there,

after looking through the code of cgi/session/pstore.rb of ruby 1.9.1 I noticed how filenames are created. Line 48 ff a md5 digest is generated over the session id and then the first 16 bytes of the hex string representation of the checksum are used as the filename (together with a prefix).

48 id = session.session_id
49 require 'digest/md5'
50 md5 = Digest::MD5.hexdigest(id)[0,16]
51 path = dir+"/"+prefix+md5

While I undestand that one cannot use a full blown SHA512 hash due to the restrictions of the filename, I really don't understand to do something like that. Since MD5 already is considered weak, the count of possible hashes generated by this method are shortened by 50%. It seems to be pretty clear to me that this makes the algorithm vulnerable to several collision attacks for session hijacking; the attacker doesn't has to get the full MD5 hash, he only has to get the HALF MD5 hash to hijack the session.

With the additional known collisions for the MD5 algorithm itself I think it would be relatively easy to hijack the session just bei intelligent brute force.

Greetings,
CK
=end

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0