Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Local storage prefix should not be calculated from substring of DES key #4768
Reported by mgrum on 16 Feb 2015 10:47 UTC as Trac ticket #1490279
The prefix string for local storage is generated from a variable called
This means that an attacker who knows the mail host only has to iterate over all possible user ids and all possible four character ASCII strings (until the MD5 hash matches the one in
This attack needs about
I am not even sure why it is necessary to use a secret salt for this hash in the first place. I think it would be sufficient to use only a hash of the username or something like that. Of course, that would be reproducible, so users could calculate these hashes on their own, but I don't see why this would be a problem, since it is only used as a local storage prefix anyway, which is nothing secret (and also, using a deterministic hash like this would allow server administrators to change the DES key without breaking the local storage). Or am I missing something here?
Comment by @alecpl on 2 Mar 2015 12:26 UTC
So, I see two options here:
We should also consider using sha256, but since this hash really do not secure the local storage, it does not matter, I suppose.