Go to English page

ViaThinkSoft CodeLib

Dieser Artikel befindet sich in der Kategorie:
CodeLibProgrammierhilfenPHP

Following method of signing a value is vulnerable, because a Length Extension Attack can be performed:

<?php define('SECRET', ...);
if (
$_REQUEST['validation'] == sha1(SECRET.$_REQUEST['email'])) {
    echo 
"Logged in as ".$_REQUEST['email'];
} else {
    echo 
"Access denied";
?>

Following method is still vulnerable because the HTTP-argument 'email' can be passed as array (&email[]=...) which will result in hash_hmac returning NULL. Also, the comparison is vulnerable to type juggling and timing attack.

<?php define('SECRET', ...);
if (
$_REQUEST['validation'] == hash_hmac('sha256'$_REQUEST['email'], SECRET)) {
    echo 
"Logged in as ".$_REQUEST['email'];
} else {
    echo 
"Access denied";
?>

Following method is safe (as far as I know):

<?php define('SECRET', ...);
if (
hash_equals($_REQUEST['validation'], hash_hmac('sha256'$_REQUEST['email'], SECRET))) {
    echo 
"Logged in as ".$_REQUEST['email'];
} else {
    echo 
"Access denied";
?>
Daniel Marschall
ViaThinkSoft Mitbegründer

Lob? Kritik? Probleme? Schreiben Sie uns!

Ihr Name (optional):

E-Mail-Adresse (optional):

Nachricht: