-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
misc: better random strings #11838
misc: better random strings #11838
Conversation
f998c19
to
fdb658c
Compare
The restrictions may have been for legacy server compatibility? @monnerat |
Generate alphanumerical random strings. Prior this change curl used to create random hex strings. This was mostly okay, but having alphanumerical random strings is better: The strings have more entropy in the same space. The MIME multipart boundary used to be mere 64-bits of randomness due to being 16 hex chars. With these changes the boundary is 22 alphanumerical chars, or little over 130 bits of randomness.
Don't bother to spend much time on that. This is definitely micro.
|
fdb658c
to
9051dad
Compare
Regarding the legacy server compatibility aspect: I did not make Digest Auth use alnum, even though For other things using alnum should be safe, I think. |
No, I did not have such limitation in mind when I wrote mime: I used this procedure because it was available and already used for that purpose in the legacy form API code: Lines 1555 to 1567 in 5bae727
In fact, the randomness is not very important in mime: there is no cryptographic and/or secrecy requirements and the only things we need are:
Both are already unlikely to happen. |
No MIME RFC spells it out explicitly, but having very low entropy or even predictable boundary would lead to security impact where the attacker could inject arbitrary multiparts via crafted message contents. This of course wasn't the case here, 64-bit of strong randomness is already very difficult to target in any meaningful way. |
My recollection of the layout of the boundary separator: It started out without the long sequence of dashes but was modified to look like this early on (20+ years ago) due to someone having problems with the first approach because - as always - users who wrote server side scripts (PHP?) did lots of assumptions about how to parse and detect that boundary based on how the boundaries that were used by the popular browsers at the time used. We then adapted to this version that looks much more like the browsers' back then. I don't know if this can still be a problem. I don't know if this change actually makes this not look like a browser separator. I don't know if the browsers perhaps have even modified their separators since then. |
Some quick research on the separator browsers use these days:
|
This is causing a warning treated as an error on Windows VS2002 on Appveyor:
|
It's better to create a new issue for that, since this PR has already been merged it is unclear what it means to reopen it? |
The PR is not quite ready to submit? ☺
|
But the commit was not reverted so this PR cannot be merged (again). The code that is merged needs a (different) fix, not this PR... It's not terribly important, I made #11870 to hopefully fix it. |
Right. Let this right here be a warning for anyone trying to micro optimize. 😂 |
Fixed |
Generate alphanumerical random strings. Prior this change curl used to create random hex strings. This was mostly okay, but having alphanumerical random strings is better: The strings have more entropy in the same space. The MIME multipart boundary used to be mere 64-bits of randomness due to being 16 hex chars. With these changes the boundary is 22 alphanumerical chars, or little over 130 bits of randomness. Closes curl#11838
…haracter It was that small on purpose, but this change now adds the null byte to avoid the error. Follow-up to 3aa3cc9 Reported-by: Dan Fandrich Ref: curl#11838 Closes curl#11870
Generate alphanumerical random strings.
Prior this change curl used to create random hex strings. This was mostly okay, but having alphanumerical random strings is better: The strings have more entropy in the same space.
The MIME multipart boundary used to be mere 64-bits of randomness due to being 16 hex chars. With these changes the boundary is 22 alphanumerical chars, or little over 130 bits of randomness.