[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Tue Feb 6 20:04:00 UTC 2018
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
Reporter: paragoninitiativeenterprises | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Upgrade/Install | Version: 4.8
Severity: critical | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+-----------------------
Comment (by ericmann):
Replying to [comment:34 paragoninitiativeenterprises]:
> I have not suddenly had enough of a financial windfall to be able to pay
NCC Group, Kudelski Security, Least Authority, or another trusted firm
$2,000-$4,000 per day for a N-week engagement (where N >= 2) to audit
sodium_compat.
>
> I started discussions with Mozilla about covering such an audit last
year. It never went anywhere.
I would absolutely ''love'' if an organization with the necessary
financial resources would contribute to such an audit. Sodium is now in
PHP as a core extension and is fast becoming the standard used for secure
crypto in our community. It's fast, secure, and well-supported in a
variety of languages. Even projects like GPG
(https://www.gniibe.org/memo/software/gpg/keygen-25519.html) are moving to
the crypto primitives exposed by Sodium.
Even without a formal audit, this is a well-established, well-known
library. It's baked into Joomla, CodeIgniter, and many other projects -
just take a look at Packagist! Some modern projects will just push devs
towards using the native PHP 7.2 support for Sodium or the Pecl extension
for PHP7+ ... WordPress can't do either of those because of our support
for even older versions of PHP. sodium_compat literally exists to allow
devs who can't use 7.2 or the Pecl package to still use secure crypto.
> > What sort of peer review has the sodium_compat library had?
>
> Aside from Michael Babker, a lot of security/cryptography experts have
looked at it on some capacity.
>
> However, none of them have given public statements of endorsement. I'll
ask some of them to comment on whether or not they would recommend it.
I've written extensively about both Sodium itself and the sodium_compat
module as an efficient polyfill for developers who can't use the modern
extensions available in PHP >= 7.0. By "extensively" I mean several
references in publications like php[architect] and even ''an book on
secure PHP application development.''
I work on cryptographically-secure tools for a living. I write PHP code
for a living. I wouldn't recommend sodium_compat unless I was confident in
it. My job literally depends on the quality of this library. I've reviewed
''several'' Sodium compatibility libraries while building out our team's
products (in multiple languages, including Go, Java, and Ruby).
sodium_compat is head and shoulders about the rest in terms not just of
quality but also coverage of the Sodium library itself. Many others merely
implement a handful of functions for a specific project; sodium_compat
provides _full_ support for all of Sodium's functionality, meaning
developers aren't limited to just one part of the library.
Whenever PHP and WordPress developers ask me about crypto, the ''first''
thing I tell them to do is upgrade to PHP 7.2 so they can use Sodium. Even
then I encourage the use of sodium_compat merely so their code is more
portable - it will use the native extension if available, fall back to the
Pecl module if needed, then leverage a PHP-based implementation as a last
resort.
Has the library undergone peer review? Yes.
Is it something other devs in the crypto world recommend? Yes.
Is this something we should have in WordPress so WP devs can be using
quality, industry-standard best practices when it comes to crypto? YES!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:35>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list