[TYPO3-core] RFC #12502: Feature: Use HMACs for authencity and integrity checks

[Marcus Krause]

Hi!

This is SVN patch request.

Type: (security) feature

Branches: trunk

BT reference: http://bugs.typo3.org/view.php?id=12502


Problem:
On several places in TYPO3 Core, md5() function calls are used to proove
authencity and integrity of parameters in HTTP requests.
One example is showpic eID. By creating a MD5 hash over parameters and
the secret encryption key, TYPO3 makes sure that no further parameter
has been injected ore existing ones aren't modified.

However, MD5 hashing itself prooves to have a bunch of weaknesses. In
the future, the TYPO3 way for integrity checks might become vulnerable.
I hereby suggest to keep up with development in security industry.

Using HMAC [1] is a valid method to proove integrity and authencity of
data. With PHP5, a dedicated function is available. HMAC itself uses
known hashing methods; nonetheless, creating HMACs is more than creating
a hash.

This RFC is about extending t3lib_div by a hmac function. Using the
newly introduced method throughout the Core will be taken care of by an
additional RFC.


Advantages of HMACs in TYPO3:
* having a dedicated method for integrity and authencity checks on data
* raising the awareness of HMACs and thus make them easily useable by
creating a t3lib_div method
* using one API method enables us to easily switch to a different
hashing algorithm in future


Solution:
Extend t3lib_div library by a hmac() method.


Note:
Thanks to Sebastian Kurfürst, HMACs are already used in FLOW3 and Extbase.


Marcus.

[1] http://en.wikipedia.org/wiki/HMAC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 12502.diff
Type: text/x-diff
Size: 1877 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20091107/ee4e935a/attachment-0001.diff>