I am currently doing a little study on what I can possibly do to secure the cookie data I send to my client. It turns out that it all boils down to signing my cookies - not a big deal, right?

Well, actually, that is only partially true. I am stuck at deciding what secret to use. You see, my app is open-sourced and I won't suddenly close the open source code down. So I need a mechanism that'd allow me to keep the secret a serious secret, and make sure the end user, that reads through my code, won't immediately be able to break through. Because, anything is hackable if you tinker with it long enough - that's how I see it.

Anyway I am getting off topic.

I am working with PHP and NodeJS. What are the best ways to pick a secret, that will forever stay a secret?

My initial thoughts:

- My server's private key
- A random string, put into a text file outside of world-access

My app currently runs Yii1, but I am switching to Laravel 5.

Gray
Ingwie Phoenix
  • just generate a random one on installation, and store it in the db. Then each install will have a unique secret, and the only person who has access to it is the site owner. – Steve Oct 20 '15 at 14:16
  • I wouldn't store this in a database, I'd suggest storing it in the filesystem **outside of the document root** instead. – Scott Arciszewski Oct 20 '15 at 16:13

1 Answer

> It turns out that it all boils down to signing my cookies - not a big deal, right?

Be very careful here. Many people attempted to implement such a feature before, only to render their apps remotely exploitable.

I would almost argue that you shouldn't write this yourself. One of the features I'm building for my libsodium wrapper library is an authenticated encryption wrapper for HTTP cookies.

> What are the best ways to pick a secret, that will forever stay a secret?

Easiest: Using 32 bytes from /dev/urandom, stored in a configuration file outside of your document root.

Most secure: Use an HSM so your keys are never accessible, even if an attacker gets root on your server.

Community
Scott Arciszewski
  • Well I did plan on using some kind of library; I figured someone would've implemented a trustworthy solution. In fact, Halite seems to be what I was looking for. But this is from just looking at it for about ten minutes. But, would there be a way without needing libsodium? Reason: I may wish to port to Win32. Would I still be able to guarantee compatibility? – Ingwie Phoenix Oct 20 '15 at 21:05
  • I also just read through the CVE. I...must say, I feel sorry for the developers. What a big hole that is indeed. But it made me understand what you meant. I will take care to avoid str_shuffle()ing myself like this. :) – Ingwie Phoenix Oct 20 '15 at 21:06
  • Epilogue: After the email went out, they promptly deleted that class from their repository. – Scott Arciszewski Oct 20 '15 at 21:58
  • Sorry @IngwiePhoenix I didn't see your first comment for some reason. Check out https://github.com/defuse/php-encryption which doesn't rely on libsodium (and we're working hard on version 2). – Scott Arciszewski Oct 20 '15 at 23:13
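
The "Easiest" option from the answer above, sketched for Node.js as an added example that is not part of the original answer or of any library mentioned in the thread. It generates a 32-byte key into an owner-only file, refuses to load it if the permissions have loosened, and uses it for HMAC-SHA256 with a constant-time check. The file name, the `name=value` MAC input and the `value.hexmac` cookie layout are assumptions made for this illustration.

```javascript
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Install-time step: 32 bytes from a CSPRNG (crypto.randomBytes here, in place
// of reading /dev/urandom directly). 'wx' fails if the key file already exists.
function createKeyFile(keyPath) {
  const hex = crypto.randomBytes(32).toString('hex');
  fs.writeFileSync(keyPath, hex + '\n', { mode: 0o600, flag: 'wx' });
}

// Startup step: refuse a key file other local users can read, or a short key.
function loadKey(keyPath) {
  const mode = fs.statSync(keyPath).mode;
  if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
    throw new Error('key file is accessible to group/others');
  }
  const key = Buffer.from(fs.readFileSync(keyPath, 'utf8').trim(), 'hex');
  if (key.length !== 32) throw new Error('expected a 32-byte key');
  return key;
}

// The MAC covers the cookie name, so a tag cannot be reused under another name.
function mac(key, name, value) {
  return crypto.createHmac('sha256', key).update(name + '=' + value).digest();
}

function signCookie(key, name, value) {
  return value + '.' + mac(key, name, value).toString('hex');
}

// Returns the original value, or null if the tag is missing, malformed or wrong.
function verifyCookie(key, name, cookie) {
  const dot = cookie.lastIndexOf('.');
  if (dot < 0) return null;
  const value = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1), 'hex');
  const expected = mac(key, name, value);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? value : null;
}

// Constructed demo: a temp directory stands in for a path outside the document root.
const demoDir = fs.mkdtempSync(path.join(os.tmpdir(), 'cookie-key-'));
createKeyFile(path.join(demoDir, 'cookie.key'));
const demoKey = loadKey(path.join(demoDir, 'cookie.key'));
console.log(verifyCookie(demoKey, 'uid', signCookie(demoKey, 'uid', '42')));
```

This only authenticates the cookie value; it does not hide it from the client, which is what the authenticated-encryption wrappers mentioned in the thread add.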