Doc Bug #78608 Security error in documentation
Submitted: 2019-09-29 07:41 UTC Modified: 2019-10-02 17:09 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: gcleaves at gmail dot com Assigned:
Status: Open Package: *Encryption and hash functions
PHP Version: Irrelevant OS: n/a
Private report: No CVE-ID: None
 [2019-09-29 07:41 UTC] gcleaves at gmail dot com
Description:
------------
---
From manual page: https://php.net/function.openssl-encrypt
---
Please note that at the time of writing this, there is an important and naive security vulnerability in "Example #2 AES Authenticated Encryption example for PHP 5.6+".

You MUST include the IV when calculating the HMAC. Otherwise, somebody could alter the IV during transport, thereby changing the decrypted message while maintaining HMAC integrity. An absolute disaster.

To fix the example, the HMAC should be calculated like this:

<?php
$hmac = hash_hmac('sha256', $iv.$ciphertext_raw, $key, $as_binary=true);
?>

And to confirm the HMAC later:

<?php
$calcmac = hash_hmac('sha256', $iv.$ciphertext_raw, $key, $as_binary=true);
?>
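The fix proposed in the report above, shown as an added example that is not part of the original report or of the PHP manual: the same AES-CBC message is verified once with an HMAC over the ciphertext only and once with an HMAC over IV plus ciphertext, after one IV bit is changed in transit. The function names, the `iv || hmac || ciphertext` layout, the separate encryption and MAC keys, and the sample message are assumptions of this example; it needs PHP 7+ for `random_bytes()`.

```php
<?php
// Added example: names, blob layout (iv || hmac || ciphertext) and keys are assumptions.
const CIPHER = 'aes-128-cbc';
const MAC_LEN = 32; // raw SHA-256 HMAC length in bytes

function seal(string $plaintext, string $encKey, string $macKey, bool $macCoversIv): string
{
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct  = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    // The report's point: the IV must be part of the authenticated data.
    $mac = hash_hmac('sha256', ($macCoversIv ? $iv : '') . $ct, $macKey, true);
    return $iv . $mac . $ct;
}

function unseal(string $blob, string $encKey, string $macKey, bool $macCoversIv): ?string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($blob) < $ivLen + MAC_LEN + 16) {
        return null; // too short to hold IV, MAC and one cipher block
    }
    $iv   = substr($blob, 0, $ivLen);
    $mac  = substr($blob, $ivLen, MAC_LEN);
    $ct   = substr($blob, $ivLen + MAC_LEN);
    $calc = hash_hmac('sha256', ($macCoversIv ? $iv : '') . $ct, $macKey, true);
    if (!hash_equals($mac, $calc)) {
        return null; // verify before decrypting; constant-time comparison
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

$encKey = random_bytes(16);
$macKey = random_bytes(32);
$msg    = 'amount=100&to=alice'; // constructed sample message

foreach ([false, true] as $macCoversIv) {
    $blob    = seal($msg, $encKey, $macKey, $macCoversIv);
    $blob[0] = chr(ord($blob[0]) ^ 0x01); // simulate one IV bit changed in transit
    $out     = unseal($blob, $encKey, $macKey, $macCoversIv);
    printf(
        "MAC covers IV: %-3s -> %s\n",
        $macCoversIv ? 'yes' : 'no',
        $out === null ? 'rejected' : 'accepted as "' . $out . '"'
    );
}
```

With the MAC computed over the ciphertext only, the modified message passes verification and decrypts to a different first block; with the IV included, verification fails before any decryption happens.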


 [2019-10-02 17:00 UTC] henry dot paradiz at gmail dot com
Just to confirm: you do understand that HMAC is no longer supported by PHP; therefore, we must use CBC with message|key. In addition, because we are now using the CBC standard we no longer need to worry about the IV. MD5 and SHA-1 are really what did it out with HMAC, highly crackable, highly incorrect. You can use the following line of code as a replacement:

<?php 

if( 1==1 ) {

$password = 'plainText';

$cbc = hash_cbc('sha256', $password);

echo $cbc.$password; 

} else {

// do HMAC (in an older PHP version like 5.3)
}


?>
 [2019-10-02 17:09 UTC] requinix@php.net
> Just to confirm: you do understand that HMAC is no longer supported by PHP;
Uh, what?
 
Last updated: Sat Nov 23 01:01:24 2019 UTC