Issue 0010730: Implement new crypto_api

This implements the foundation of a new Cryptography API which is
responsible for providing cryptography functionality to MantisBT.

For now, the only feature available in this new API is the generation of
secure and strong randomness using openssl_random_pseudo_bytes in PHP
5.3 (if available), /dev/urandom if available on the system or an
enhanced mt_rand generator built on top of PHP's existing Mersenne
Twister pseudo random number.

We used to just rely on a single mt_rand() for generating nonces or
providing other cryptographic functionality. This posed a number of
problems including the leakage of the internal state of the Mersenne
Twister PRNG, enabling users to predict all future outputs of the PRNG.
Additionally, the total number of combinations available from mt_rand()
is very small when in many cases we need more than a few million
combinations of keys.

The new approach calls mt_rand() multiple times and then, using a secret
unique salt known only to each MantisBT installation, hashes the output
using the Whirlpool algorithm. This produces 512 bits of output that can
be used for creating a random string/nonce. If more than 512 bits of
output are required, we simply perform this operation multiple times
until we have generated enough output.

While the new Mersenne Twister method for generating random strings is
still anything but strong or secure, it does raise the bar
significantly. It is hoped that this method is only used as a last
resort when no other options for generating strong randomness are
available.

A new configuration option $g_crypto_master_salt was also added to form
the basis of salting and hashing functions in the future. Currently we
use different keys for RSS, signup/lost password verification and so
forth when it'd be much easier to just derive keys as needed from the
master salt.

If $g_crypto_master_salt is not defined by the user, MantisBT will
refuse to work. This salt must be at least 16 characters long in the
hope that users who don't understand the importance of setting a strong
master salt are informed of their mistake. This refusal to work unless
the user sets a strong $g_crypto_master_salt value in config_inc.php is
necessary because it forms the basis for a lot of the security features
implemented in MantisBT. We don't want users forgetting to set
$g_crypto_master_salt and using a default value known to the entire
world.
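
The source order and the salted Whirlpool fallback described in the commit message above, as an added example that is not MantisBT's own crypto_api code. The `example_` function names, the 16 mt_rand() calls per round, the round counter and the concatenation order are assumptions.

```php
<?php
// Added example: example_* names are hypothetical, not MantisBT's crypto_api.

// Refuse to run with a missing or short master salt (minimum 16 characters).
function example_require_master_salt( $salt ) {
    if ( !is_string( $salt ) || strlen( $salt ) < 16 ) {
        throw new RuntimeException( 'crypto_master_salt must be at least 16 characters' );
    }
}

// Last resort: several mt_rand() outputs hashed together with the installation
// salt using Whirlpool, which yields 64 bytes (512 bits) per round.
function example_mt_rand_fallback( $length, $salt ) {
    $out = '';
    for ( $round = 0; strlen( $out ) < $length; $round++ ) {
        $seed = '';
        for ( $i = 0; $i < 16; $i++ ) { // 16 calls per round is an assumption
            $seed .= pack( 'N', mt_rand() );
        }
        $out .= hash( 'whirlpool', $salt . pack( 'N', $round ) . $seed, true );
    }
    return substr( $out, 0, $length );
}

// Try the strongest source first and fall through only when it is unavailable.
function example_random_bytes( $length, $salt ) {
    example_require_master_salt( $salt );
    if ( function_exists( 'openssl_random_pseudo_bytes' ) ) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes( $length, $strong );
        if ( $bytes !== false && $strong && strlen( $bytes ) === $length ) {
            return $bytes;
        }
    }
    $fp = @fopen( '/dev/urandom', 'rb' );
    if ( $fp !== false ) {
        stream_set_read_buffer( $fp, 0 ); // read only what is requested
        $bytes = fread( $fp, $length );
        fclose( $fp );
        if ( $bytes !== false && strlen( $bytes ) === $length ) {
            return $bytes;
        }
    }
    return example_mt_rand_fallback( $length, $salt );
}

// Constructed salt for the demo only; a real one is unique per installation.
echo bin2hex( example_random_bytes( 20, 'constructed-demo-salt-0123456789' ) ), "\n";
```

On PHP 7 and later, random_bytes() reads the operating system's CSPRNG directly and makes a fallback chain like this unnecessary.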