Skip to content

Comments

Improvements!#3

Open
ccutrer wants to merge 85 commits intoFooBarWidget:masterfrom
instructure:master
Open

Improvements!#3
ccutrer wants to merge 85 commits intoFooBarWidget:masterfrom
instructure:master

Conversation

@ccutrer
Copy link

@ccutrer ccutrer commented May 11, 2012

  • don't bother encrypting the IV (?!)
    • use the same encryption key for the encryption as for the HMAC
      (easy to configure, since it's the same as for normal CookieStore)
    • compress the session before encrypting it (optional, will skip
      compression if it actually makes it larger)
    • use AES 128 CBC (AES 256 is actually weaker, due to a known
      attack on it), which also reduces the cookie size due to a smaller
      IV and less padding
    • use URI-safe base64 encoding to not waste space percent-encoding
      characters in the cookie
    • use . as the separator between cookie fields (instead of -, which
      is now a part of the base64 encoding)
    • if :expire_after is provided, add a timestamp to the cookie that's
      included in the HMAC to allow for secure expiration of cookies
      (preventing session replay attacks after the expiration of the
      cookie)
    • don't re-set the cookie on every request if the session hasn't
      changed (unless :expire_after is in use, in which case do it every
      5 minutes by default in order to refresh the timestamp)

@ccutrer
improvements and gemify!
0329d67 
 * don't bother encrypting the IV (?!)
 * use the same encryption key for the encryption as for the HMAC
   (easy to configure, since it's the same as for normal CookieStore)
 * compress the session before encrypting it (optional, will skip
   compression if it actually makes it larger)
 * use AES 128 CBC (AES 256 is actually *weaker*, due to a known
   attack on it), which also reduces the cookie size due to a smaller
   IV and less padding
 * use URI-safe base64 encoding to not waste space percent-encoding
   characters in the cookie
 * use . as the separator between cookie fields (instead of -, which
   is now a part of the base64 encoding)
 * if :expire_after is provided, add a timestamp to the cookie that's
   included in the HMAC to allow for secure expiration of cookies
   (preventing session replay attacks after the expiration of the
   cookie)
 * don't re-set the cookie on every request if the session hasn't
   changed (unless :expire_after is in use, in which case do it every
   5 minutes by default in order to refresh the timestamp)
@FooBarWidget
Copy link
Owner

FooBarWidget commented May 11, 2012

Very nice! But why not encrypt the IV? Is it supposed to be public information?

I'm opposed to removing the "It is prone to session replay attacks" sentence from the README. You are less prone now but not completely invulnerable. Attackers can still replay sessions within the timeout period.

@ccutrer
Copy link
Author

ccutrer commented May 11, 2012

Because it's a waste of CPU cycles, adds unnecessary complexity, and does not add any "real" security (an IV is completely random data anyway; encrypting the randomness doesn't make it any more random, nor increase the security of bruteforcing the encrypted data): http://stackoverflow.com/questions/6167114/protect-encrypt-initialization-vector

I'll adjust the readme re: session replay attacks.

ccutrer and others added 27 commits May 11, 2012 13:11
@ccutrer
Update README
abda410 
Include more details on still being vulnerable to session replay attacks, just less vulnerable.
@ccutrer
fix bug with expiring cookie
1f1ed9d 
test plan:
 * set :expire_after, but also set :expires to nil for session
   expiration of the real cookie
 * it shouldn't give a page error when the cookie expires
@fourcolors
Make options a class variable
5a181ea 
Options is now a class variable that you can
change during call time. This way you can set
attributes on the options hash. In this case
we ensure the options hash gets the option
to set :expire_after
@ccutrer
Merge pull request #1 from fourcolors/master
a06560b 
Allow options to be changed.
@ccutrer
version 1.0.2
705a5f0
@lukfugl
record session_started
00f5e86
@lukfugl
rename session_started -> session_refreshed_at
c733335 
the timestamp being used is refreshed every so often and doesn't
actually indicate the *start* of the session
@ccutrer
Merge pull request #2 from lukfugl/session_started
6aeaa44 
record session_refreshed_at
@ccutrer
bump to 1.0.3
2c6f041
@lukfugl
fix calculation of session_refreshed_at timestamp
bcffe64 
the timestamp stored in the encrypted cookie already represents the
"session_refreshed_at" value. in 1.0.3 we incorrectly interpreted it as
a "expires_at" value, as if it already included the expire_after value
@canadaduane
Merge pull request #3 from lukfugl/session_started
02e1853 
fix calculation of session_refreshed_at timestamp
bump to 1.0.4
adde6ed
update gem date
e89056e
@maneframe
update to work with rails 3.2
8577985
@maneframe
update date and authors
1f14985
@maneframe
Merge pull request #4 from maneframe/rails3b
5d3e105 
update to work with rails 3.2
@maneframe
allow setting expire_after before unmarshalling
eb63be8
@lukfugl
Merge pull request #6 from maneframe/expire_after
ac385d1 
allow setting expire_after before unmarshalling
@lukfugl
bump version
9f6fd8f
@maneframe
use unsigned cookies in cookie_jar for rails 2 interoperability
e9b13a0
@ccutrer
bump
7e517d7
@ccutrer
fix deprecation warnings in Ruby 2.1
7429080
@maneframe
Merge pull request #8 from ccutrer/master
ec0cdd3 
fix deprecation warnings in Ruby 2.1
@ccutrer
bump version
3497eb2
@ccutrer
catch exceptions unmarshalling data
6dfe35c
@maneframe
Merge pull request #9 from ccutrer/unmarshal_fix
400b114 
catch exceptions unmarshalling data
@ccutrer
bump version
357c8d8
ccutrer and others added 30 commits November 16, 2016 12:13
@ccutrer
bump version
b4c2fd1
@ccutrer
oops, still compatible with 4.2
cf1956d
@ccutrer
bump version
896d056
@ccutrer
fix enforcing expire_after
9992333
@ccutrer
bump version
c77776f
@ccutrer
stop using deprecated constant
3b34667
@ccutrer
bump version
eb2eacf
@ccutrer
fix encryption for Ruby 2.4
323436c 
Ruby 2.4 validates the encryption key length is exactly the
correct size, instead of just long enough. but be careful, because
we still use the secret for the HMAC, which can take a key of
any length. so only truncate what goes to encryption, not what
goes to HMAC
@ccutrer
Merge pull request #16 from ccutrer/keylength24
7463290 
fix encryption for Ruby 2.4
@ccutrer
bump version
dd2c79b
@ccutrer
allow rails 5.1
fda332d
@ccutrer
bump version
acdde99
@maneframe
rails 5.1: cast durations to integer before calculations
8788d89
@ccutrer
fix refreshing the session on every request
0a30d5c 
keys are strings; don't use a symbol for the timestamp key
@ccutrer
Merge pull request #17 from ccutrer/string_key
22f02da 
fix refreshing the session on every request
@ccutrer
bump version
2ac4b0f
@ccutrer
bump version again to avoid conflict with released/uncommitted version
cc01944
@maneframe
allow rails 5.2
f33cf72
@maneframe
bump version
17f5f27
@ccutrer
allow rails 6.0
3120866
@ccutrer
bump version
1000d1f
@maneframe
fix write_session to work with SessionId
9135120 
rails/rails@92ec9f2

refs #CNVS-49218
@maneframe
bump version
b372fc3
@ccutrer
allow rails 6.1
773274c
@ccutrer
Merge pull request #18 from ccutrer/rails61
ca486e9 
allow rails 6.1
@maths22
Allow rails 7.0
5a7ac10
@maths22
Merge pull request #19 from instructure/rails-70
b982e9f 
Allow rails 7.0
@maths22
Support rails 7.1
30cd360
@aogata-inst
add support for rails 7.2
cd9bbf5
@aogata-inst
add support for rails 8.0
9e6c108
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@ccutrer @FooBarWidget @fourcolors @lukfugl @canadaduane @maneframe @maths22 @aogata-inst