Change MD5 Fingerprints to SHA1 Fingerprints #1708
Conversation
|
I'm not sure why the paperclip spec for fog is failing... |
|
👍 @jyurek Please merge this change. On modern hardware SHA1 is even faster than MD5 and at the same time it is less prone to collision attacks. The travis error has nothing to do with this change. According to the Travis build history the fog test failure did also occur with other PRs. |
|
This seems fine. But this is a pretty big change, given that people currently have fingerprints in MD5 format. But, anyway, collisions are problems with hashing functions in general. Are collisions actually something you've had problems with in Paperclip? |
|
It's known for a long time that MD5 is vulnerable to collision attacks. For SHA1 on the other hand, there are still no known collisions, although that might just be a matter of time. I did not have problems yet, but I am using it in a critical environment, so I'd rather be safe than sorry. I don't fear the probability of accidentally colliding filenames, but a deliberate collision attack by a malicious user. (Maybe I am a little paranoid :D) Regarding backwards-compatibility: What do you think about letting the user choose the hash algorithm? |
|
@jyurek With a carefully crafted file, an attacker cam create two distinct files that make the same MD5, and given the nature of paperclip, I think it would be best to move to SHA1. @clemensg I don't like the idea of making MD5 default. The Rails Way™ is convention over configuration, so they should have to choose to use MD5; not to say that the compatibility thing isn't an issue, though. Maybe have a converter that updates the hash to SHA1 whenever it can? |
|
Maybe a rake task to regenerate all fingerprints and a warning in the README and NEWS file? @jyurek Do you expect any issues with backwards-compatibility? |
|
Yes, I expect issues with backwards compatibility! If we're going to add this, then an option for which Digest class to use should be in place, but I'm not 100% sure how/where to add it yet. The |
|
Hi everybody! Is this still an issue? If so, can you please rebase your PR and make sure everything is passing? Thanks! |
|
Yeah, I'll rebase this, give me a little while. |
|
Updated, but I'm not sure what's going on with travis... |
|
Any progress on the status of this? |
|
Hi! What about existing projects who update to this version.. shouldn't there be a way to automatically migrate their MD5 fingerprints to SHA1? A rake task to force the regeneration of all fingerprints would be nice. |
|
paging @jferris @jyurek @mike-burns |
|
This isn't going to get merged without a way to either automatically update the hashes or a way to switch between which class is doing the digesting. As I said before, there are a LOT of people already using MD5 hashes and this would break every single one. Please address this or it won't get merged. Thanks. |
| @@ -94,7 +95,7 @@ def initialize(name, instance, options = {}) | |||
| # attachment: | |||
| # new_user.avatar = old_user.avatar | |||
| def assign(uploaded_file) | |||
| @file = Paperclip.io_adapters.for(uploaded_file) | |||
| @file = Paperclip.io_adapters.for(uploaded_file, @options[:adapter_options]) | |||
| end | ||
|
|
||
| context "SHA1" do | ||
| let(:options) { { :hash_digest => Digest::SHA1 } } |
|
I believe I am content with it. |
| @@ -32,6 +32,7 @@ def self.default_options | |||
| :use_timestamp => true, | |||
| :whiny => Paperclip.options[:whiny] || Paperclip.options[:whiny_thumbnails], | |||
| :validate_media_type => true, | |||
| :adapter_options => { :hash_digest => Digest::SHA1 }, | |||
There was a problem hiding this comment.
I'm sorry to have to repeat this, but SHA1 cannot be the default. At least, not until we have a major version bump. This should remain MD5, and changing it to SHA1 (or anything else provided by Digest) should be well documented. There can (and should) still be tests for SHA1, but it should be specified as an option in those tests, not assumed that it's the default.
Adapters now accept an options parameter, that currently specifies the type of hash digest to use. The default value is SHA1, but can be specified to be any OpenSSL-supported digest. The specs are modified to reflect that. The task just reassigns all of the attachments, thereby regenerating their fingerprints.
| @@ -2,7 +2,8 @@ | |||
|
|
|||
| describe Paperclip::AttachmentAdapter do | |||
| before do | |||
| rebuild_model path: "tmp/:class/:attachment/:style/:filename", styles: {thumb: '50x50'} | |||
| rebuild_model path: "tmp/:class/:attachment/:style/:filename", | |||
| styles: {thumb: '50x50'} | |||
There was a problem hiding this comment.
Align the elements of a hash literal if they span more than one line.
Space inside { missing.
Space inside } missing.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| @@ -65,7 +65,7 @@ | |||
|
|
|||
| @attachment.assign(@file) | |||
| @attachment.save | |||
| @subject = Paperclip.io_adapters.for(@attachment) | |||
| @subject = Paperclip.io_adapters.for(@attachment, hash_digest: Digest::SHA1) | |||
|
It defaults to MD5 now. |
|
I believe defaulting to MD5 is a mistake with this change possibly getting released with Paperclip 5.0 (#1991, #2049), where you can 'get away' with breaking changes. Keep it around as an option for existing users to add so they can upgrade the hashes at their own pace, but keep it secure by default. Go with SHA2, based on https://gist.github.com/tqbf/be58d2d39690c3b366ad |
|
I second that. SHA-256 seems to be a safe default for Paperclip 5.0. I think it is a mistake to switch to SHA1 which has several known flaws. If we update then let's go straight to SHA2 (with 256 bits). SHA2-512 and SHA3 are probably overkill. This PR is sitting around since the end of 2014. Any remaining objections from the maintainers? |
|
Deferring to @jyurek. |
|
I agree that if we change the hashing algorithm, it should be We want to comply with the coding standards and Hound comments for changed code, but leave alone the preexisting code. That way the changeset is smaller and easier to review. If there are only stylistic changes and you can undo them, please do. Thanks! Can you please rebase on top of latest master? Thank you all for your input and work. |
|
Unless somebody beats me to it, I'm willing to work the next week on rebasing this PR with SHA256 as default, incorporating the feedback from Hound and the above comment from @tute, so this can ship in Paperclip 5.0. |
MD5 can collide. SHA1 is better.