It’s Open Source Week at SitePoint! All week we’re publishing articles focused on everything Open Source, Free Software and Community, so keep checking the OSW tag for the latest updates.
Scott Arciszewski, known on Twitter as CiPHPerCoder, is to security what Chris Hartjes is to unit testing.
He’ll pounce on insecure applications, libraries, and packages, find loopholes, problems, and wrong implementations, and help people fix them. He’s the main developer of several popular security-oriented packages, including but not limited to Halite for using libsodium in a more user friendly way, gpg-mailer for sending encrypted emails, random_compat, and more.
As a big fan of the PHP extension libsodium, he’s currently trying to gauge interest from the wider community in contributing funds to a professional audit of a PHP version. In a nutshell, Scott wants to donate his time to write the PHP version polyfill (which would use libsodium as an extension, if installed), but wants to pay for a professional audit of his work in order to make sure it really is maximally secure. Here’s the thing though – professional code reviews are insanely expensive.
Scott was kind enough to find time to answer some questions about this, and we feel like a push for exposure on an impressive project like this is a perfect way to wrap up Open Source Week.
Libsodium is a modern and easy-to-use cryptography library currently available on PECL (although I hope to land it into PHP 7.2). It offers the best-in-class cryptographic features (symmetric encryption, public-key encryption, digital signatures, password hashing, etc.) and takes great pains to not be vulnerable to what we call side-channel cryptanalysis.
As an example: AES, when implemented in software, is vulnerable to a cache-timing attack. You can learn bits of your secret keys from an unprivileged process (or over the network) based on how much time it takes for a particular operation to complete.
Some of the more exciting features that libsodium offers include X25519 (Elliptic Curve Diffie-Hellman key agreement over Curve25519), Ed25519 (EdDSA– Edwards-based Digital Signature Algorithm– over Curve25519), Argon2i password hashing, and incredibly easy-to-use encryption APIs. For example, this snippet encrypts/decrypts a message and saves you from having to worry about chosen-ciphertext attacks:
$message = 'Attack at dawn';                                            // the plaintext to protect
$key = \Sodium\randombytes_buf(\Sodium\CRYPTO_SECRETBOX_KEYBYTES);     // 32-byte secret key
$nonce = \Sodium\randombytes_buf(\Sodium\CRYPTO_SECRETBOX_NONCEBYTES); // 24-byte nonce; never reuse one with the same key
$ciphertext = \Sodium\crypto_secretbox($message, $nonce, $key);
$plaintext = \Sodium\crypto_secretbox_open($ciphertext, $nonce, $key);
/* var_dump($message === $plaintext); // bool(true) */

You can use all of these great cryptography features today, if you can install the PHP extension from PECL.
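As an added example (not Scott's code and not taken from the extension's documentation), here is the same secretbox round trip written against the sodium_* function names that shipped with PHP 7.2. It stores the nonce in front of the ciphertext so the recipient only needs the key, and it shows what the authentication tag buys you: a single flipped bit makes decryption fail closed instead of returning garbage. The function names seal and open are chosen here; the message is a constructed sample.

```php
<?php
declare(strict_types=1);

// Encrypt with a fresh random nonce and prepend it to the ciphertext, so the
// recipient needs nothing but the key to decrypt. The nonce is not secret,
// but it must never repeat under the same key.
function seal(string $message, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($message, $nonce, $key);
}

// Returns the plaintext, or null when the authentication tag does not match
// (the ciphertext was modified, truncated, or the wrong key was used).
function open(string $sealed, string $key): ?string
{
    $minLength = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($sealed) < $minLength) {
        return null;
    }
    $nonce = substr($sealed, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($sealed, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    return $plaintext === false ? null : $plaintext;
}

// Constructed sample: a random key and a short message.
$key = sodium_crypto_secretbox_keygen();
$sealed = seal('attack at dawn', $key);

// Round trip: open() returns the original message.
var_dump(open($sealed, $key));

// Flip one bit of the last ciphertext byte. secretbox is authenticated
// encryption, so open() reports failure (null) rather than a corrupted message.
$tampered = $sealed;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
var_dump(open($tampered, $key));
```

The nonce-in-front layout is a convention, not part of the algorithm; what matters is that the nonce is generated from a CSPRNG for every message and that the caller treats a false return from sodium_crypto_secretbox_open as a hard error.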
However, many PHP developers don’t have the capability of installing (or requiring) optional PHP extensions. There are both technical and political obstacles at play.
Despite these challenges, libsodium is highly desirable for many reasons. Its digital signature algorithm (Ed25519) is the gold standard for public key authentication. Unlike RSA (which allows message forgery if you use PKCS1v1.5 padding and set e=3, via Bleichenbacher’s ’06 attack) and ECDSA (which caused the Sony PS3 security meltdown when they repeated a nonce), Ed25519 is easily implemented in constant-time. You don’t have to worry about invalid curve attacks or twist security (or many other cryptography vulnerabilities with eccentric names) because of Curve25519. But most importantly, Ed25519 is deterministic: you’ll never repeat a nonce and leak your secret key like with classic ECDSA.
A lot of PHP software would benefit from the cryptography offered by libsodium if only they could make it a dependency today. WordPress, for example, does not use any sort of cryptographic signatures on its automatic update packages. If we could get modern cryptography deployed even on legacy systems, we could save 27% of the Internet from being hacked if api.wordpress.org got compromised. If WordPress can start out with Ed25519 instead of shoehorning in RSA and introducing backward compatibility problems down the line, that would save everyone a lot of headaches.
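An added example (not from the original interview or from any of Scott's projects) of the signed-update scheme described above, using the sodium_* names from PHP 7.2: the publisher signs the package with Ed25519, the client verifies it against a pinned public key before installing anything, and the final check illustrates the determinism point from the previous answer. The package bytes are a constructed sample and signPackage and verifyPackage are names chosen here.

```php
<?php
declare(strict_types=1);

// Publisher side (run once, key kept offline): generate an Ed25519 keypair.
// Only the 32-byte public key ships with the CMS; the secret key never leaves
// the release host, so a compromised update server cannot forge packages.
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair);
$publicKey = sodium_crypto_sign_publickey($keypair);

// Sign the raw package bytes. A detached signature (64 bytes) is distributed
// alongside the package, so the package format itself does not change.
function signPackage(string $packageBytes, string $secretKey): string
{
    return sodium_crypto_sign_detached($packageBytes, $secretKey);
}

// Client side: refuse to install unless the signature verifies under the
// pinned public key. The length check keeps malformed input from reaching
// the verifier as anything other than a plain rejection.
function verifyPackage(string $packageBytes, string $signature, string $publicKey): bool
{
    if (strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($signature, $packageBytes, $publicKey);
}

// Constructed sample "package"; in practice this is the zip read from disk.
$package   = "example-plugin-1.2.3.zip contents (constructed sample)";
$signature = signPackage($package, $secretKey);

// The genuine package verifies.
var_dump(verifyPackage($package, $signature, $publicKey));

// A package altered after signing (for example on a compromised update
// server) is rejected, so the installer never unpacks it.
var_dump(verifyPackage($package . "\0", $signature, $publicKey));

// Ed25519 is deterministic: signing the same bytes again yields the identical
// signature. There is no per-signature random nonce to repeat, which is the
// failure mode that exposed the secret key in the ECDSA cases mentioned above.
var_dump(signPackage($package, $secretKey) === $signature);
```

The public key is the only trust anchor on the client, so it should be compiled into the application rather than fetched from the same server that serves the packages; otherwise an attacker who controls that server can simply replace both.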
To that end, I’ve decided to write a pure PHP polyfill for libsodium, starting with Ed25519 first and probably Argon2i last. The polyfill is opportunistic; if the PECL extension is installed, it will use that instead of my implementation.
Development is underway. There’s enough community interest to warrant making the polyfill, but I won’t feel comfortable releasing it to the world until it’s been audited by a third party.
Truth be told, I haven’t done much in the way of reaching out to corporations, given that it’s a holiday weekend in the States. However, after I posted about this on Twitter, the Joomla team immediately began a serious discussion about how much they could pledge from their budget towards getting the polyfill audited.
The biggest beneficiary would be Automattic, along with anyone who depends on WordPress to pay their bills.
I’ve spent much of this morning porting the ref10 curve25519 code to PHP. The biggest challenges I foresee are going to be:
- PHP’s signed integers, especially on 32-bit platforms without the GMP extension.
- When I get to Argon2i, memory limits may prove challenging.

The security challenges (mbstring.func_overload, the fact that chr() isn’t cache-timing-safe, etc.) are the sort of problem I tackle in my day-to-day at PIE, so I’m not sweating those. I’m writing the code to be side-channel-free from day one.
I might forego a few non-mainline features (e.g. crypto_pwhash_scryptsalsa208sha256 because we have Argon2i now) unless they’re explicitly needed. It will, however, be completely open source under a permissive license (either ISC like libsodium itself or something like MIT, CC0, WTFPL, or the Unlicense; I don’t have a preference and there are too many to choose from).
Once at least all of the features of NaCl (what libsodium is based on) are implemented and well tested, the repository will be made public. From that point forward, we’ll be focusing on getting what’s implemented reviewed by other PHP security and cryptography experts and testing on weird platforms that PHP happens to support.
Without a shadow of a doubt, WordPress users will benefit the most, since we’ll be able to discuss implementing secure automatic updates without bumping the minimum PHP version requirement to 7.2.
The far-reaching implications are that no PHP cryptography project would be left behind. All of them could take advantage of it, even if they support ancient versions of PHP and serve customers that can’t install PHP extensions. There won’t be any common, rational excuses left for clinging to fossils like mcrypt. The entire ecosystem beyond WordPress can move forward towards where projects like Halite and CMS Airship are today.
Like random_compat before it, I’m writing the libsodium polyfill to be compatible with PHP as far back as 5.2.4. Unlike random_compat, however, I intend to eventually fork it into two branches:
- v1.x.y – PHP 5.2.x – 7.x.y compatible
- v2.x.y – PHP 7.x.y only; uses scalar type declarations with strict typing

Presumably, neither branch will need to do much for PHP 7.2 and beyond.
A cryptography code audit is a service provided by a software security company that specializes in applied cryptography. My employer (Paragon Initiative Enterprises) is one such company that offers these services, but it wouldn’t be good hygiene to audit our own work and tell everyone to trust that we did a thorough job.
Cryptography code audits are costly. Typically, they require tens of person-days from a reputable third party, which typically bills their consultants out at a rate of $1k to $5k per person-day. But if you’re a company, this is a great investment to make, as most firms don’t have access to the security talent that a software security company does. Two other companies besides my employer that offer these services are NCC Group and Cure53. I don’t know their bill rates, but I’m certain “cheap” isn’t anywhere on the menu; they do good work.
The unfortunate truth is that the best PHP devs rarely have more than a few hours to spare to look over anything for free. A code audit is a paid engagement with a team of security experts to carefully review your implementation for mistakes that have security consequences. The level of focus and attention is much greater. For example, the code audits I’ve done for clients are much, much more thorough than the security-related Github issues I’ve opened. Although they are conceptually similar, it’s a night-and-day difference.
You can expect the same from a small team of independent reviewers from a software security consultancy.
If this polyfill library ends up securing a quarter of websites on the Internet, then an audit is non-negotiable.
Considered, but not committed. On the off chance that a large company comes along and says, “Hey, we need this yesterday, we’ll cover the entire cost of the third-party audit,” I’m not in a hurry to ask individuals to reach into their own wallets until I’m sure that isn’t going to happen. I almost certainly cannot pay for an audit out of my own pocket, so asking others to dip into theirs as Plan A doesn’t sit right with me.
However, if none of the big PHP companies (especially the ones that use WordPress) are willing to pitch in, crowdfunding is definitely my next step. Should this happen, none of the proceeds will be going to pay for development, so there’s not much I can offer in terms of stretch goals. Maybe I could invest anything beyond the goal into getting Defuse Security’s PHP encryption library audited too? (I’m open to suggestions, of course.)
Tell your coworkers and your boss about this effort to help make it happen.
Once the library’s been audited, use it in your projects. Please let’s just bury RSA and foot-bullety ECDSA in the past where it belongs. Modern elliptic curve cryptography is the future (until quantum computers are a thing, anyway).
At least 27% of the websites on the Internet stand to gain a lot more resilience. My workplace firmly believes security starts with developers, and if successful, this will be Exhibit A when we must defend our philosophy against security vendors selling their useless $100,000 blinking boxes at information security conferences.
I may end up asking companies and (if that fails) individuals to pay a team of outside security experts to point out any mistakes I’ve made along the way.
To anyone who personally dislikes me (possibly due to my blunt security vulnerability reporting over the years), you may soon have the opportunity to literally contribute money toward hiring an expert to publicly tell me I’ve screwed something up, while making the Internet more secure in the process. Where are you going to find a sweeter deal than that?
The libsodium extension finally helped most of the advanced PHP world move away from mcrypt and other outdated security approaches. However, using it was far from easy for all the people on shared hosts, or those locked into outdated CMS and CRM platforms.
The PHP version of it would change that – it would help projects like WordPress, Joomla, Magento, and others implement a PHP version of libsodium and replace their outdated security methods, all without forcing shared hosts to install any custom extensions.
Naturally, PHP versions on such hosts would still be problematic in many cases, as many of these CMSes and CRMs support long dead PHP versions, but in time, an enormous part of the web ecosystem could become dramatically more secure.
If you work in a company which uses popular PHP-based CRM or CMS software, please bring this to their attention – have them read Scott’s answers and teach them about the benefits of adding libsodium to their applications and the backbone of their systems. A small financial sacrifice today can prevent incredibly expensive bugs later on.
Translated from: https://www.sitepoint.com/what-would-you-pay-to-make-27-of-the-web-more-secure/