Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » PHP
  • » [PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support [RSS Feed]

#1 Nov. 15, 2005 22:46:01

Stefan E.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


Hello,

with MD5 and SHA1 more or less broken, I have hacked together sha256() and
sha256_file(),
because people want a secure hashing function in plain PHP without the need for
3rd party
libraries like mhash.

Both functions are already available to users of the PHP Hardening-Patch for
quite a while.
Actually it is too late in the release process to add it, although it just adds
new files
and only adds a few things in some tables. It is more or less impossible to
break something
but you never know.

If we for some reasons need another 5.1.0 RC, we can maybe add the patch. (It
doesn't need
more than a few compile tests ;)

Patch:http://www.suspekt.org/php-5.1.0-sha256.patch(So ilia... It is maybe up to your judgement only if I should do a last minute
feature commit ;)

Stefan

--
--------------------------------------------------------------------------
Stefan Esser
Hardened-PHP Projecthttp://www.hardened-php.net/GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78
Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78
--------------------------------------------------------------------------

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#2 Nov. 16, 2005 00:05:10

Ilia A.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


Stefan,

There will be another RC, but I'd prefer to reserve this feature till
PHP 5.1.1.

Ilia

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#3 Nov. 16, 2005 10:24:47

Jochem M.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


Stefan Esser wrote:Hello,

with MD5 and SHA1 more or less broken, I have hacked together sha256() and
sha256_file(),
because people want a secure hashing function in plain PHP without the need for
3rd party
libraries like mhash.assuming this is true then the built in session handler is pretty vulnerable
right now no?
one only has the choice of md5 or sha1 for the hashing mechanism of the session
handlers id
as far as I can see ... if php gets a sha256 in the core it would possibly be a
good thing
to make that available as an option for session.hash_function?Both functions are already available to users of the PHP Hardening-Patch for
quite a while.
Actually it is too late in the release process to add it, although it just adds
new files
and only adds a few things in some tables. It is more or less impossible to
break something
but you never know.

If we for some reasons need another 5.1.0 RC, we can maybe add the patch. (It
doesn't need
more than a few compile tests ;)

Patch:http://www.suspekt.org/php-5.1.0-sha256.patch(So ilia... It is maybe up to your judgement only if I should do a last minute
feature commit ;)

Stefan--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#4 Nov. 16, 2005 10:39:41

Stefan E.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


Hello,

> assuming this is true then the built in session handler is pretty
> vulnerable right now no?
> one only has the choice of md5 or sha1 for the hashing mechanism of
> the session handlers id
> as far as I can see ... if php gets a sha256 in the core it would
> possibly be a good thing
> to make that available as an option for session.hash_function?

I did not want to cause some "panic". MD5 and SHA1 are not completely
broken yet. I think people usually only call a hash function completely
broken when preimage attacks are possible. This means for a given
startvector you can create some input to get a desired endvector. During
the last year there have been various reports about much faster attacks
in normal collision generation, which means the time needed to you just
try to find 2 collisions. (you never know how fast it will be possible
in 1 year from now)

The session handler on the other hand is not really vulnerable to this,
even if there are preimage attacks. In the session handler MD5/SHA1 are
merely used to convert a random number into some other format. Even if
there are preimage attacks on MD5 and SHA1 the "security" of the session
handler relies on not guessable random numbers.
(However it would not be much work to use sha256 in the session
extension as another option once it is in core)

Stefan

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#5 Nov. 16, 2005 18:24:50

Ron K.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


I just read this news that an MD5 collision can now be done by anyone in 45
minutes (avg) on a P4 1.6 GHz:http://it.slashdot.org/article.pl?sid=05/11/15/2037232&threshold=-1&tid=172&tid=93&tid=228http://www.stachliu.com.nyud.net:8090/collisions.htmlMD5 as the standard for hashing is definately history. All the more reason
for sha256- and alike-functions.

Ron


"Stefan Esser" <> wrote in message

> Hello,
>
> > assuming this is true then the built in session handler is pretty
> > vulnerable right now no?
> > one only has the choice of md5 or sha1 for the hashing mechanism of
> > the session handlers id
> > as far as I can see ... if php gets a sha256 in the core it would
> > possibly be a good thing
> > to make that available as an option for session.hash_function?
>
> I did not want to cause some "panic". MD5 and SHA1 are not completely
> broken yet. I think people usually only call a hash function completely
> broken when preimage attacks are possible. This means for a given
> startvector you can create some input to get a desired endvector. During
> the last year there have been various reports about much faster attacks
> in normal collision generation, which means the time needed to you just
> try to find 2 collisions. (you never know how fast it will be possible
> in 1 year from now)
>
> The session handler on the other hand is not really vulnerable to this,
> even if there are preimage attacks. In the session handler MD5/SHA1 are
> merely used to convert a random number into some other format. Even if
> there are preimage attacks on MD5 and SHA1 the "security" of the session
> handler relies on not guessable random numbers.
> (However it would not be much work to use sha256 in the session
> extension as another option once it is in core)
>
> Stefan

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#6 Nov. 16, 2005 18:34:17

Ilia A.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


Ron Korving wrote:
> I just read this news that an MD5 collision can now be done by anyone in 45
> minutes (avg) on a P4 1.6 GHz:
>http://it.slashdot.org/article.pl?sid=05/11/15/2037232&threshold=-1&tid=172&tid=93&tid=228>http://www.stachliu.com.nyud.net:8090/collisions.html>
> MD5 as the standard for hashing is definately history. All the more reason
> for sha256- and alike-functions.

If you've read the article closely you'll know that while an impressive
trick, collisions cannot be generated arbitrarily. The program generates
both of the values that result in the same md5 hash . You cannot give it
an md5 and have it generate you a string with the same md5 hash, so md5
is still relatively safe.

Ilia

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#7 Nov. 16, 2005 18:38:21

Ron K.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


"Ilia Alshanetsky" <> wrote in message

> Ron Korving wrote:
> > I just read this news that an MD5 collision can now be done by anyone in
45
> > minutes (avg) on a P4 1.6 GHz:
> >http://it.slashdot.org/article.pl?sid=05/11/15/2037232&threshold=-1&tid=172&tid=93&tid=228> >http://www.stachliu.com.nyud.net:8090/collisions.html> >
> > MD5 as the standard for hashing is definately history. All the more
reason
> > for sha256- and alike-functions.
>
> If you've read the article closely you'll know that while an impressive
> trick, collisions cannot be generated arbitrarily. The program generates
> both of the values that result in the same md5 hash . You cannot give it
> an md5 and have it generate you a string with the same md5 hash, so md5
> is still relatively safe.
>
> Ilia

Perhaps... for now... I'm no crypto expert and don't aim to be one, but when
I read the /. responses, a lot of people find MD5 dead and gone. Even if
they're wrong, the public will expect functions in PHP to replace the md5
functions. Just my 2 cents, I'm not even trying to start an argument here ;)

Ron

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#8 Nov. 16, 2005 19:04:11

Sara G.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


Right, so bottom line, MD5 is showing signs of fatigue. Not "broken" or
even significantly weak when used properly, but she's in the twlight years
and it's time to send ma to the old folks home for some rest and green
jello.

SHA1 isn't quite the matriach yet, but despite having miles to go before she
sleeps, it is prudent to bring along the next generation so they can pay the
medical bills when a bout of breast cancer stikes her out of the blue.

Where the hell was I? Oh yeah... +1 on tossin' in sha256() and
sha256_file().

As for sha384 and sha512, I've got two reservations about making them core
functions:
(1) Illusion of security. The advantage of 384 or 512 bits over 256 is
(based on current computing resources) negligible. I'd hate to have people
going sha512 over sha256 simply because they think it'll make their app
"impossible to craxx0r!"
(2) Speed. This is tied into #1 since those same people going sha512()
because they think it's "better" are, in all liklihood, working on 32bit
procs which are fundamentally slower at handling sha384/sha512 which use
64bit registers internally.

Of course, these reservations are just about dulling down the scissor edges
for little Sammy Scripter who doesn't know any better. If I'm going to avoid
being hypocritcal then I have to toss out those arguments at the end of the
day and say I'm +0 on 'em. That is, if there's a strong push to include
them, I'll dig out my 384/512 implementations (which are straight math, no
library deps) and toss 'em in with Steffan's sha256(), but only for PHP 6.0
(or PHP 5.1.1 if the RM feels that's appropriate).

-Sara

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#9 Nov. 16, 2005 23:06:05

Jacques M.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


Ilia Alshanetsky wrote:
> Stefan,
>
> There will be another RC, but I'd prefer to reserve this feature till
> PHP 5.1.1.
>
> Ilia
>
Hi Guys,

Are there any chances of getting this implemented in the next releases
of PHP 5.0.X and 4.4.X?

Regards
--jm

--
Jacques Marneweckhttp://www.powertrip.co.za/blog/--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#10 Nov. 16, 2005 23:47:07

Jacques M.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support


Sara Golemon wrote:
> Right, so bottom line, MD5 is showing signs of fatigue. Not "broken" or
> even significantly weak when used properly, but she's in the twlight years
> and it's time to send ma to the old folks home for some rest and green
> jello.
>
Also there are sites hosting md5 hashes and the equivalent text for
password cracking.
> SHA1 isn't quite the matriach yet, but despite having miles to go before she
> sleeps, it is prudent to bring along the next generation so they can pay the
> medical bills when a bout of breast cancer stikes her out of the blue.
>
lol
> Where the hell was I? Oh yeah... +1 on tossin' in sha256() and
> sha256_file().
>
+1

*snip*
> Of course, these reservations are just about dulling down the scissor edges
> for little Sammy Scripter who doesn't know any better. If I'm going to avoid
> being hypocritcal then I have to toss out those arguments at the end of the
> day and say I'm +0 on 'em. That is, if there's a strong push to include
> them, I'll dig out my 384/512 implementations (which are straight math, no
> library deps) and toss 'em in with Steffan's sha256(), but only for PHP 6.0
> (or PHP 5.1.1 if the RM feels that's appropriate).
>
Might be useful to squeeze it into 5.1.0, seeing that new features are
normally not allowed to sneak in during a maintenance release?

Regards
--jm
> -Sara
>
--
Jacques Marneweckhttp://www.powertrip.co.za/blog/--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

  • Root
  • » PHP
  • » [PHP-DEV] PHP 5.1.0 - sha256() and sha256_file() support [RSS Feed]

Board footer

Moderator control

Enjoy the 18th of November
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support