[wp-trac] [WordPress Trac] #39309: Secure WordPress Against Infrastructure Attacks
WordPress Trac
noreply at wordpress.org
Tue Mar 5 14:54:46 UTC 2019
#39309: Secure WordPress Against Infrastructure Attacks
------------------------------------------+-----------------------
Reporter: paragoninitiativeenterprises | Owner: pento
Type: enhancement | Status: assigned
Priority: normal | Milestone: 5.2
Component: Upgrade/Install | Version: 4.8
Severity: critical | Resolution:
Keywords: has-patch | Focuses:
------------------------------------------+-----------------------
Comment (by paragoninitiativeenterprises):
@dd32 Looking at this patch and your comment above:
https://github.com/WordPress/wordpress-
develop/compare/da4f8d0ffbab9699d940a4bde6839def27956021...9f472e100f8da6d11eb818f99510d74f3dfcd06a
Using `hash_file()` makes a lot of sense for keeping memory usage low. We
wrote `ParagonIE_Sodium_File` to accomplish the same overall goal, but
it's not foolproof.
Additionally, SHA384 is the best possible hash function for PHP <7.1
support. (Composer uses this hash function too.) If anyone is concerned
about SHA384 being used in other protocols, adding domain separation (as
simple as using `hash_hmac_file()` with the HMAC key being a constant
specific to WordPress that bears no secrecy requirements) would ensure
that the hashes used in the file verification are distinct to WordPress.
Base64 is fine here. All of the keys and signatures involved in the patch
are public information anyway.
Overall, I think your patch makes sense and the main operational overhead
remaining would be to generate/manage the Ed25519 keys on the WP.org side.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39309#comment:57>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list