[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks

WordPress Trac noreply at wordpress.org
Tue Mar 5 14:54:46 UTC 2019


#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
 Reporter:  paragoninitiativeenterprises  |       Owner:  pento
     Type:  enhancement                   |      Status:  assigned
 Priority:  normal                        |   Milestone:  5.2
Component:  Upgrade/Install               |     Version:  4.8
 Severity:  critical                      |  Resolution:
 Keywords:  has-patch                     |     Focuses:
------------------------------------------+-----------------------

Comment (by paragoninitiativeenterprises):

 @dd32 Looking at this patch and your comment above:
 https://github.com/WordPress/wordpress-
 develop/compare/da4f8d0ffbab9699d940a4bde6839def27956021...9f472e100f8da6d11eb818f99510d74f3dfcd06a

 Using `hash_file()` makes a lot of sense for keeping memory usage low. We
 wrote `ParagonIE_Sodium_File` to accomplish the same overall goal, but
 it's not foolproof.

 Additionally, SHA384 is the best possible hash function for PHP <7.1
 support. (Composer uses this hash function too.) If anyone is concerned
 about SHA384 being used in other protocols, adding domain separation (as
 simple as using `hash_hmac_file()` with the HMAC key being a constant
 specific to WordPress that bears no secrecy requirements) would ensure
 that the hashes used in the file verification are distinct to WordPress.

 Base64 is fine here. All of the keys and signatures involved in the patch
 are public information anyway.

 Overall, I think your patch makes sense and the main operational overhead
 remaining would be to generate/manage the Ed25519 keys on the WP.org side.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:57>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list