This is an old revision of the document!
PHP RFC: Session ID without hashing
- Version: 1.0
- Create Date: 2016-04-06
- Modified Date: 2016-07-02
- Author: Yasuo Ohgaki yohgaki@ohgaki.net
- Status: Voting
- First Published at: http://wiki.php.net/rfc/session-id-without-hashing
Introduction
The objective of this RFC is session module code cleanup, remove unneeded code complexity and redundancy.
- Hash function is not required to generate session ID with CSPRNG.
- Hash function removal results in less number of INI config.
NOTE: It is meaningless applying hash to CS safe random bytes.
Since PHP 7, there is php_random_bytes() function. Session ID generation does not need hashing for secure session ID generation. Session module may simply convert random bytes to readable characters.
As a bonus, simple session generation performance increased 2X or more.
- w/ Patch: Requests per second: 2278.59 [#/sec] (mean)
- w/o Patch: Requests per second: 899.36 [#/sec] (mean)
Proposal
Use php_random_bytes() generated binary random value directly and convert it to session ID by using session internal bin_to_readable() function.
Remove hash and RNG related codes and settings from session module.
- session.hash_function
- session.hash_bits_per_character
- session.entropy_file
- session.entropy_length
Add new config for session ID generation.
- session.sid_length (Session ID string length. Default: 48)
- session.sid_bits_per_character (Outstanding bits per char. Default: 5)
NOTE: New session ID is far less likely to have collisions. Even if system has broken CSPRNG, session module has session ID collision detection already.
Min/max length of session ID: 22 - 256 (22 is the same length as MD5 hash with_hash_bits_per_chars)
Changed default
session.use_strict_mode (0 to 1) - Changed as insurance of broken PRNG implementation.
Discussions
Exposing PRNG state has risk
If PRNG has vulnerability that generates predictable value, exposing raw PRNG state helps attackers. Although, this is unlikely with modern PRNGs, but risk is there.
To mitigate risk, additional bytes (+60 bytes) are read from PRNG. Additional bytes should be good enough for predictable session ID with broken PRNG implementation.
Backward Incompatible Changes
None. session.sid_length, session.sid_bits_per_character may set to compatible value. Default is incompatible to older versions, if you need session ID string compatibility set INI to
- session.sid_length=32 (Session ID string length. Default: 48)
- session.sid_bits_per_character=4 (Outstanding bits per char. Default: 5)
Proposed PHP Version(s)
PHP 7.1
RFC Impact
To SAPIs
None
To Existing Extensions
Session module
To Opcache
None
New Constants
None
php.ini Defaults
hardcoded default and php.ini-* default values are the same.
- session.sid_length (Session ID string length. Default: 48)
- session.sid_bits_per_character (Outstanding bits per char. Default: 5)
Open Issues
None
Unaffected PHP Functionality
3rd party and user save handlers are unaffected.
Future Scope
Vote
This project requires 2/3 majority.
- 2nd Vote starts 2016-07-24 and ends 2015-07-31 23:59:59
- 1st Vote starts 2016-07-02 and ends 2016-07-11
Patches and Tests
Implementation
After the project is implemented, this section should contain
- the version(s) it was merged to
- a link to the git commit(s)
- a link to the PHP manual entry: http://svn.php.net/viewvc?view=revision&revision=339678