[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Fri Jan 13 20:41:44 UTC 2017
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+------------------------------
Reporter: paragoninitiativeenterprises | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+------------------------------
Changes (by paragoninitiativeenterprises):
* keywords: => has-patch
Comment:
Example keypairs to go along with this patch.
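{{{#!php
<?php
// Example Ed25519 keypair: 64-byte secret key followed by the 32-byte public key.
$keypair = hex2bin('1887e3dec051b02d61ae2e2e2e2c1ffde69ab8ced3f69b1681dcb59ab36b138f4d6236cc44829b2f96a26d905aec92162077ef5aa7e0a4e2a6d251258dc83bd14d6236cc44829b2f96a26d905aec92162077ef5aa7e0a4e2a6d251258dc83bd1');
// Secret key (64 bytes): the first part of the keypair above.
$secret_key = hex2bin('1887e3dec051b02d61ae2e2e2e2c1ffde69ab8ced3f69b1681dcb59ab36b138f4d6236cc44829b2f96a26d905aec92162077ef5aa7e0a4e2a6d251258dc83bd1');
// Public key (32 bytes): the last part of the keypair above.
$public_key = hex2bin('4d6236cc44829b2f96a26d905aec92162077ef5aa7e0a4e2a6d251258dc83bd1');
// $fileContents holds the raw bytes of the file being published.
// The detached signature is hex-encoded for the Content-Ed25519 value.
$publish['Content-Ed25519'] = bin2hex(
    ParagonIE_Sodium_Compat::crypto_sign_detached($fileContents, $secret_key)
);
}}}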
The signing should take place offline. Then you just need to store the
Content-Ed25519 data on the server and serve it with each file.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
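
The receiving side of the scheme described in the comment above, as an added example that is not part of the original ticket comment or its patch: a client checks the served Content-Ed25519 value against a pinned public key and fails closed on any malformed input. The function name `verify_content_ed25519` and the sample data are hypothetical, and the sketch assumes PHP 7.2+ with the native `sodium_*` functions rather than sodium_compat.

```php
<?php
// Added example: verify_content_ed25519() is a hypothetical name, not a WordPress core API.
// Assumes PHP >= 7.2 with the bundled sodium extension.

/**
 * Verify a downloaded file against a hex-encoded Content-Ed25519 value.
 * Returns true only when the key and signature are well-formed and the signature is valid.
 */
function verify_content_ed25519(string $fileContents, string $headerHex, string $publicKey): bool
{
    // The pinned public key must be exactly 32 bytes.
    if (strlen($publicKey) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        return false;
    }
    $headerHex = trim($headerHex);
    // An Ed25519 signature is 64 bytes, so the header must be exactly 128 hex characters.
    if (strlen($headerHex) !== 2 * SODIUM_CRYPTO_SIGN_BYTES || !ctype_xdigit($headerHex)) {
        return false;
    }
    try {
        return sodium_crypto_sign_verify_detached(hex2bin($headerHex), $fileContents, $publicKey);
    } catch (SodiumException $e) {
        // Treat any library-level rejection as a failed verification.
        return false;
    }
}

// Constructed demo data: a throwaway keypair generated at run time stands in
// for the offline signing key; only the public half would ship with the client.
$keypair    = sodium_crypto_sign_keypair();
$secret_key = sodium_crypto_sign_secretkey($keypair);
$public_key = sodium_crypto_sign_publickey($keypair);

$fileContents = "constructed sample update package bytes";
$header       = bin2hex(sodium_crypto_sign_detached($fileContents, $secret_key));
$other_key    = sodium_crypto_sign_publickey(sodium_crypto_sign_keypair());

// Case 1: intact file with its own signature.
var_dump(verify_content_ed25519($fileContents, $header, $public_key));
// Case 2: file modified after signing.
var_dump(verify_content_ed25519($fileContents . "x", $header, $public_key));
// Case 3: truncated signature value.
var_dump(verify_content_ed25519($fileContents, substr($header, 2), $public_key));
// Case 4: valid signature checked against a different public key.
var_dump(verify_content_ed25519($fileContents, $header, $other_key));
```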