Bug #1767

cgi/session/pstore generating filenames with to less randomness

Added by ckruse (Christian Kruse) almost 11 years ago. Updated 10 months ago.

ruby -v:
ruby 1.9.1p129 (2009-05-12 revision 23412) [x86_64-linux]


Hi there,

after looking through the code of cgi/session/pstore.rb of ruby 1.9.1 I noticed how filenames are created. Line 48 ff a md5 digest is generated over the session id and then the first 16 bytes of the hex string representation of the checksum are used as the filename (together with a prefix).

48 id = session.session_id
49 require 'digest/md5'
50 md5 = Digest::MD5.hexdigest(id)[0,16]
51 path = dir+"/"+prefix+md5

While I undestand that one cannot use a full blown SHA512 hash due to the restrictions of the filename, I really don't understand to do something like that. Since MD5 already is considered weak, the count of possible hashes generated by this method are shortened by 50%. It seems to be pretty clear to me that this makes the algorithm vulnerable to several collision attacks for session hijacking; the attacker doesn't has to get the full MD5 hash, he only has to get the HALF MD5 hash to hijack the session.

With the additional known collisions for the MD5 algorithm itself I think it would be relatively easy to hijack the session just bei intelligent brute force.



Updated by xibbar (Takeyuki FUJIOKA) almost 11 years ago

  • Assignee set to xibbar (Takeyuki FUJIOKA)




Updated by shyouhei (Shyouhei Urabe) almost 10 years ago

  • Status changed from Open to Assigned




Updated by jeremyevans0 (Jeremy Evans) 10 months ago

  • Status changed from Assigned to Closed
  • Description updated (diff)

Also available in: Atom PDF