[wp-trac] [WordPress Trac] #50510: Improve security of wp_nonce implementation
WordPress Trac
noreply at wordpress.org
Tue Nov 19 13:17:22 UTC 2024
#50510: Improve security of wp_nonce implementation
-------------------------------+------------------------------
Reporter: chaoix | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses:
-------------------------------+------------------------------
Changes (by johnbillion):
* keywords: dev-feedback => reporter-feedback
Comment:
This is certainly interesting but in order to progress this I'd like to
see:
1. A clear explanation of weaknesses in the current approach
2. How the proposed changes address them
3. A patch file or PR
In order to assess an improvement to a security feature such as this we
need a clear understanding of the problem. I'm not aware of a weakness in
the current nonce system despite its underlying use of md5. The weaknesses
of md5 don't affect to a nonce because a nonce isn't secret and collision
attacks aren't relevant. A nonce in WordPress is short lived (up to 48
hours) and consists of a 10 character hexadecimal string which means it
has over 1 trillion possible values (16^10^).
* Is there a way to reduce the size of that search space in order to make
a brute force attack viable? Bearing in mind that in order to attack a
nonce you need to do so over HTTP, not offline.
* What significance do rainbow tables have? The value used in the hash for
a nonce changes over time, according to the user ID, the user's current
session token, and the salt that's unique to the site.
I'd be ''very'' happy to consider improvements but not without first
having a clear understanding of the problem.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50510#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list