Hello! On Mon, Sep 07, 2015 at 05:44:49PM +0300, Gena Makhomed wrote:
> On 06.09.2015 4:56, Maxim Dounin wrote: > > >>The security of the MD5 hash function is severely compromised. > >>A collision attack exists that can find collisions within seconds > >>on a computer with a 2.6 GHz Pentium 4 processor (complexity of 2**24.1) > >>- https://en.wikipedia.org/wiki/MD5#Security > > > >I said "took", not "takes now". The MD5 hash function was > >introduced in 1991, and the first collision was found in 2004. > > > >Also, it's important to understand that, while collision attacks > >now exists, it doesn't really make MD5 bad for various > >non-security uses. > > nginx cache is security use too. > > If user configure common shared cache for all virtual servers, > and config have two servers: first, protected by access, > auth_basic or auth_request modules from unauthorized use, > and second server with publicly available content. > > If attacker know proxy_cache_key, for example $scheme$host$request_uri > and know $request_uri from protected site - he can create MD5/crc32 > collision by building specific $request_uri for second server, > and he will got unauthorized access to protected content > from the first, protected web site. > > This is looks like vulnerability. Yes, this looks like a valid example of a potentially affected configuration. Though as far as I know, it is not currently possible to construct a value (which choosen prefix) that maps to a given md5 value. > And this vulnerability can be fixed as Sergey Brester propose: > > We should always compare the keys, > after cache entry with hash value was found. > > Or vulnerability can be minimized by using secure hash > function instead of current cryptographically broken MD5. I think moving away from MD5 is a right way to go. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
