Scott paragonie-scott

@paragonie-scott
paragonie-scott / rsa-mult.php
Created May 24, 2017 18:11
RSA Encryption Homomorphism
<?php
/* Key generation (1024-bit keys are for demo speed only; use 2048 bits or more in practice) */
$keypair = openssl_pkey_new([
    "digest_alg" => "sha512",
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 1024
]);
$secret = null;
if (!openssl_pkey_export($keypair, $secret)) {
    throw new RuntimeException('Could not export private key: ' . openssl_error_string());
}
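The gist's title refers to the multiplicative homomorphism of textbook RSA, but the preview stops after key generation. The block below is an example added here, not the gist's remaining code: it needs ext/openssl and ext/gmp, uses OPENSSL_NO_PADDING on purpose so the property is visible, and the two plaintext integers are arbitrary demo values.

```php
<?php
declare(strict_types=1);

// Textbook (unpadded) RSA: Enc(m) = m^e mod n, so Enc(m1) * Enc(m2) mod n = Enc(m1 * m2 mod n).
// Needs ext/openssl and ext/gmp. OPENSSL_NO_PADDING is used on purpose to expose the property.

/** Generate a throwaway RSA key pair and pull out the modulus n. */
function generateKeypair(int $bits = 2048): array
{
    $private = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => $bits,
    ]);
    if ($private === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    $details = openssl_pkey_get_details($private);
    return [
        'private' => $private,
        'public'  => openssl_pkey_get_public($details['key']), // PEM of the public half
        'n'       => gmp_import($details['rsa']['n']),          // big-endian modulus bytes
        'bytes'   => intdiv($bits, 8),
    ];
}

/** Raw RSA needs a block exactly as long as the modulus; left-pad the integer with zero bytes. */
function toBlock(GMP $value, int $bytes): string
{
    return str_pad(gmp_export($value), $bytes, "\0", STR_PAD_LEFT);
}

/** c = m^e mod n for an integer 0 <= m < n. */
function rawEncrypt(array $kp, GMP $m): GMP
{
    if (!openssl_public_encrypt(toBlock($m, $kp['bytes']), $c, $kp['public'], OPENSSL_NO_PADDING)) {
        throw new RuntimeException('Encrypt failed: ' . openssl_error_string());
    }
    return gmp_import($c);
}

/** m = c^d mod n. */
function rawDecrypt(array $kp, GMP $c): GMP
{
    if (!openssl_private_decrypt(toBlock($c, $kp['bytes']), $m, $kp['private'], OPENSSL_NO_PADDING)) {
        throw new RuntimeException('Decrypt failed: ' . openssl_error_string());
    }
    return gmp_import($m);
}

$kp = generateKeypair();
$m1 = gmp_init('123456789');   // arbitrary demo plaintexts, both far below n
$m2 = gmp_init('987654321');

$c1 = rawEncrypt($kp, $m1);
$c2 = rawEncrypt($kp, $m2);

// Anyone holding only the public key and two ciphertexts can build a third one...
$c3 = gmp_mod(gmp_mul($c1, $c2), $kp['n']);

// ...which the private-key holder decrypts to the product of the two plaintexts.
$expected = gmp_mod(gmp_mul($m1, $m2), $kp['n']);
var_dump(gmp_cmp(rawDecrypt($kp, $c3), $expected) === 0); // bool(true)
```

With PKCS#1 v1.5 or OAEP padding the encoded block is randomised and the product of two ciphertexts no longer decrypts to anything meaningful, which is one reason raw RSA is never used on data directly; the same malleability is what lets an attacker blind a ciphertext and have a decryption oracle unwrap it for them.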
@paragonie-scott
paragonie-scott / Trololol.php
Last active May 4, 2017 11:38
The Trolololol Design Pattern
<?php
declare(strict_types=1);
class Foo
{
    /**
     * Even if the code that calls this isn't using strict_types, it will still TypeError
     * if the wrong type is passed.
     */
    public function bar($param, $secondParam)
    {
        // strict_types governs calls made FROM this file, so forwarding to a typed method enforces the types whatever mode the caller is in (one possible body for the cut-off gist)
        return $this->strictBar($param, $secondParam);
    }
    private function strictBar(string $param, int $secondParam): string
    {
        return $param . $secondParam;
    }
}
@paragonie-scott
paragonie-scott / 32bitadd.php
Last active March 26, 2017 14:06
Add two integers modulo 2^32 on a 32-bit system
<?php
/**
 * Add two integers modulo 2^32.
 * Integers in 32-bit PHP are signed, so PHP_INT_MAX is 2147483647; on a 32-bit build the wrapped
 * sum comes back in that signed representation (bit 31 set reads as negative), on 64-bit it is the
 * unsigned value in [0, 2^32). The body below is one standard completion of the cut-off gist.
 */
function add_32bit($intA, $intB)
{
    if (!is_int($intA) || !is_int($intB)) {
        return false;
    }
    // Add the 16-bit halves separately so the carry never overflows a signed 32-bit int.
    $low = ($intA & 0xffff) + ($intB & 0xffff);
    $high = (($intA >> 16) & 0xffff) + (($intB >> 16) & 0xffff) + ($low >> 16);
    return (($high & 0xffff) << 16) | ($low & 0xffff);
}
@paragonie-scott
paragonie-scott / crypto-fails.md
Last active March 26, 2017 14:04
Don't use the OWASP PHP Crypto Library
DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB
@paragonie-scott
paragonie-scott / auto-update.md
Last active March 7, 2017 22:32
PHP Auto Update Quick Start

This is the "how" to go with the "what" in the blog post: https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers

HTTPS + Digital Signatures

This is a minimalistic secure auto update approach.

  1. Make an API call to a server to get the latest version information. This should be delivered over HTTPS with certificate verification on. (HPKP, suggested here in 2017, has since been deprecated by browsers; the signature check in step 4 is what the update's integrity actually rests on.)
  2. If an update is available, the client software should download the update file.
  3. An Ed25519 signature should be available, either as a separate API call or as an HTTP header with the downloaded file.
  4. Verify that the signature is valid for one of the hard-coded Ed25519 public keys.
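The four steps above as code, added here as an example (editor's code, not the gist's or Paragon's): the server URL, the JSON layout of the version document and the hex-encoded signature field are assumptions, and the network is replaced by an in-script fake server so the flow runs offline. Needs ext/sodium (PHP 7.2+).

```php
<?php
declare(strict_types=1);

// Steps 1-4 as code. Assumed: the endpoint URL, the JSON shape of the version document,
// and that the Ed25519 signature is delivered in that document as hex. Needs ext/sodium.

const UPDATE_SERVER = 'https://updates.example.com';   // hypothetical

/** Plain HTTPS GET with certificate and hostname verification left on. */
function fetchHttps(string $url): string
{
    $ctx = stream_context_create(['ssl' => ['verify_peer' => true, 'verify_peer_name' => true]]);
    $body = file_get_contents($url, false, $ctx);
    if ($body === false) {
        throw new RuntimeException("Download failed: $url");
    }
    return $body;
}

/** Step 4: true only if the detached signature verifies under one of the hard-coded public keys. */
function verifyUpdate(string $file, string $signature, array $trustedPublicKeysHex): bool
{
    if (strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    foreach ($trustedPublicKeysHex as $hex) {
        if (sodium_crypto_sign_verify_detached($signature, $file, sodium_hex2bin($hex))) {
            return true;
        }
    }
    return false;
}

/**
 * Steps 1-4. Returns the verified update bytes, null if already current, and throws if the
 * signature is bad. $fetch is injectable (use 'fetchHttps' in production) so this runs offline.
 */
function checkForUpdate(string $currentVersion, array $trustedPublicKeysHex, callable $fetch): ?string
{
    $info = json_decode($fetch(UPDATE_SERVER . '/latest.json'), true, 512, JSON_THROW_ON_ERROR);
    if (version_compare((string) $info['version'], $currentVersion, '<=')) {
        return null;
    }
    $file = $fetch((string) $info['url']);
    $signature = sodium_hex2bin((string) $info['signature']);   // or an HTTP header on the file
    // Nothing is written to disk or executed until this passes.
    if (!verifyUpdate($file, $signature, $trustedPublicKeysHex)) {
        throw new RuntimeException('Update signature did not verify; refusing to install');
    }
    return $file;
}

// Offline stand-in for the release server: a fresh signing key and a signed "release".
$signing = sodium_crypto_sign_keypair();
$trustedKeys = [sodium_bin2hex(sodium_crypto_sign_publickey($signing))]; // hard-coded in a real client
$release = "<?php // version 1.1.0\n";
$server = [
    UPDATE_SERVER . '/latest.json' => json_encode([
        'version'   => '1.1.0',
        'url'       => UPDATE_SERVER . '/app-1.1.0.phar',
        'signature' => sodium_bin2hex(sodium_crypto_sign_detached($release, sodium_crypto_sign_secretkey($signing))),
    ]),
    UPDATE_SERVER . '/app-1.1.0.phar' => $release,
];
$fetch = fn(string $url): string => $server[$url];

var_dump(checkForUpdate('1.0.0', $trustedKeys, $fetch) === $release); // bool(true)
var_dump(checkForUpdate('1.1.0', $trustedKeys, $fetch) === null);     // bool(true): already current

// A tampered download (or a file signed with some other key) is rejected.
$server[UPDATE_SERVER . '/app-1.1.0.phar'] .= "system('id');";
try {
    checkForUpdate('1.0.0', $trustedKeys, fn(string $url): string => $server[$url]);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Whatever the transport, the install decision rests on verifyUpdate(): TLS only tells the client who it talked to, while the signature ties the bytes to a release key and still holds if a mirror or CDN is compromised. Listing more than one public key lets a leaked release key be retired without stranding clients that only know the old one.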
@paragonie-scott
paragonie-scott / GOALS and OVERVIEW.md
Created October 28, 2016 19:53
Android App Design Notes

I want to build an app that stops harassment and other forms of unsolicited bullshit.

  • I don't want any money for it.
  • I don't want to serve ads.
  • I just want it to perform one simple task and get out of the user's way.

Goal

A mobile app (Android and/or iOS) that only allows trusted callers to go through.

@paragonie-scott
paragonie-scott / sodium-compat-aes-gcm.php
Created February 11, 2017 22:58
Is libsodium's AES-256-GCM compatible with OpenSSL?
<?php
$message = random_bytes(1024);
$key = random_bytes(32);
$nonce = random_bytes(12);
$tag = '';
$aad = random_bytes(random_int(1, 127));
$cipher = openssl_encrypt($message, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, 16);
// Added comparison (PHP 7.2+ sodium_* API): libsodium only offers AES-256-GCM on CPUs with AES-NI,
// and returns ciphertext || 16-byte tag, whereas OpenSSL hands the tag back separately.
if (!sodium_crypto_aead_aes256gcm_is_available()) {
    exit("sodium's AES-256-GCM needs AES-NI; not available here\n");
}
$sodium = sodium_crypto_aead_aes256gcm_encrypt($message, $aad, $nonce, $key);
var_dump(hash_equals($cipher . $tag, $sodium)); // bool(true): the two are interoperable
@paragonie-scott
paragonie-scott / spotilocal.priv.pem
Created January 23, 2017 18:28 — forked from venoms/spotilocal.priv.pem
spotilocal.com private key
Private-Key: (4096 bit)
modulus:
00:f0:71:c0:a3:bb:5f:cc:63:f9:55:33:ed:a3:d0:
78:ae:fc:ce:2e:f2:36:d1:e5:cb:64:d7:55:37:8b:
7b:a0:60:5e:31:c3:2a:b3:6e:1f:33:89:0a:ba:f5:
ab:48:0e:0d:f7:39:31:06:18:3d:66:d8:b9:0e:ba:
bb:08:46:78:3a:51:4b:61:d7:0a:9d:46:54:72:94:
71:b6:a7:82:58:5b:6d:96:11:ae:f7:d2:19:f2:b1:
20:e7:00:72:df:15:ac:1f:1e:1e:34:04:fc:0b:63:
b5:03:ff:47:34:27:c7:54:4e:ee:d7:c7:77:cd:1d:

Via Twitter

Authors consider SQLi as the main attack vector. Hashed tokens mitigate r/o SQLi, encrypted ones mitigate r/w SQLi.

That actually doesn't buy you anything. Consider the following table schema:

CREATE TABLE reset_tokens (
    tokenid BIGSERIAL PRIMARY KEY,
    selector TEXT,
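The schema above is cut off after the selector column. The example below is added here and is not the gist's own code: it assumes the remaining columns (verifier_hash, userid, expires), swaps PostgreSQL for an in-memory SQLite database through PDO so it runs offline, and shows the split-token lookup together with what a read-only dump of the table hands an attacker. It does not settle the read/write case the thread is arguing about.

```php
<?php
declare(strict_types=1);

// Split-token password reset: the selector is a lookup key stored in the clear, the
// verifier is stored only as a hash. Column names after 'selector' are assumed; the
// page's schema is PostgreSQL (BIGSERIAL), this demo uses SQLite so it runs anywhere.

function createSchema(PDO $db): void
{
    $db->exec('CREATE TABLE reset_tokens (
        tokenid INTEGER PRIMARY KEY AUTOINCREMENT,
        selector TEXT UNIQUE NOT NULL,
        verifier_hash TEXT NOT NULL,
        userid INTEGER NOT NULL,
        expires INTEGER NOT NULL
    )');
}

/** Issue a token; only the returned string (selector . verifier) is ever sent to the user. */
function issueToken(PDO $db, int $userId, int $ttl = 3600): string
{
    $selector = bin2hex(random_bytes(16));   // 32 hex chars, stored as-is
    $verifier = bin2hex(random_bytes(32));   // 64 hex chars, stored only hashed
    $stmt = $db->prepare(
        'INSERT INTO reset_tokens (selector, verifier_hash, userid, expires) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$selector, hash('sha256', $verifier), $userId, time() + $ttl]);
    return $selector . $verifier;
}

/** Returns the owning user id, or null. Lookup by selector, then constant-time hash compare. */
function redeemToken(PDO $db, string $token): ?int
{
    if (strlen($token) !== 96) {
        return null;
    }
    $selector = substr($token, 0, 32);
    $verifier = substr($token, 32);
    $stmt = $db->prepare(
        'SELECT tokenid, verifier_hash, userid FROM reset_tokens WHERE selector = ? AND expires > ?'
    );
    $stmt->execute([$selector, time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !hash_equals($row['verifier_hash'], hash('sha256', $verifier))) {
        return null;
    }
    $db->prepare('DELETE FROM reset_tokens WHERE tokenid = ?')->execute([$row['tokenid']]); // single use
    return (int) $row['userid'];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);

$token = issueToken($db, 42);

// What a read-only SQL injection gives the attacker: the whole table.
$dump = $db->query('SELECT selector, verifier_hash FROM reset_tokens')->fetchAll(PDO::FETCH_ASSOC);

// Selector plus the stored hash is the right length but is not a valid token: the hash is not the verifier.
var_dump(redeemToken($db, $dump[0]['selector'] . $dump[0]['verifier_hash']) === null); // bool(true)

// The real token, delivered to the user out of band, works exactly once.
var_dump(redeemToken($db, $token) === 42);   // bool(true)
var_dump(redeemToken($db, $token) === null); // bool(true)
```

The selector exists so the database does the lookup by an exact-match index while the secret half is compared with hash_equals() in PHP; comparing the secret in the WHERE clause would leak it one byte at a time through query timing.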