Via Twitter
Authors consider SQLi as main attack vector. Hashed token mitigate r/o SQLi, encrypted mitigate r/w SQLi
That actually doesn't buy you anything. Consider the following table schema:
CREATE TABLE reset_tokens (
tokenid BIGSERIAL PRIMARY KEY,
selector TEXT,
verifier TEXT,
user BIGINT REFERENCES users (userid),
expires TIMESTAMP
);
We recommended hashing the verifier. You might think encryption would mitigate against read/write SQLi, but you can do this:
- Issue a reset for an unprivileged user.
UPDATE reset_tokens SET user = {$target} WHERE selector = {$knownToAttacker}
- Access the URL.
That works even if you can't just break out of the database, into the filesystem, and exfiltrate their encryption keys.
Out of curiosity: Why JWT specifically? What does JWT offer that you can't solve with
hash_hmac()
andhash_equals()
?I don't really see a need for encryption. All you need is, given a threat model of UPDATE queries, message integrity. That's what HMAC offers.
What's "good crypto" about JWT that isn't offered by HMAC?