Open stouset opened 11 years ago
I think this is mostly good. Let me think about it for a bit and test it out and whatnot. One thing that will have to change is that this breaks backwards compatibility by changing the method signature for #initialize.
As one final concern, timestamps are being used to create unique "session keys" for each user. Timestamps are predictable, and predictability is not a good idea here. You should be using randomly-generated nonces.
How would you expire nonces? The point of the timestamp is to provide a maximum amount of replayability if they had a human hand-identify form fields and then a bot perform multiple submissions with this knowledge. Retargeting for image captchas is already A Thing.
A combination of nonce and timestamp is probably a good idea.
If you're assuming Rails, you could use Rails.cache to store each seen nonce.
That said, this PR makes a few changes:
To elaborate on the change to HMACs: Simply concatenating a secret to a message and hashing it does not constitute a secure construction. HMACs are used for this purpose, and are specifically designed to avoid things like length extension attacks as well as maintain some security even in the face of collisions in the unkeyed hash function.
Additionally, strings can't simply be concatenated to form the message. This can allow attackers to manipulate message boundaries. You attempted to use hyphens, but the output of Time.now already includes them and so they cannot be reliably used to delineate message boundaries. Length prefixes are a sufficient solution (as suggested in the linked article).
Full disclosure: I have not run the tests for this change. I edited it in the GitHub editor. You should probably run the tests. I porblaby hvae a tpyo soemwheer.
As one final concern, timestamps are being used to create unique "session keys" for each user. Timestamps are predictable, and predictability is not a good idea here. You should be using randomly-generated nonces. As this requires a change across multiple files (to change the parameter name), I haven't submitted it as part of this edit.
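The length-prefixed HMAC and the nonce-plus-timestamp combination discussed in this thread, as an added Ruby example that is not code from the PR or the gem. SECRET, MAX_AGE, the SEEN hash standing in for Rails.cache, and all method names are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

SECRET  = "constructed-demo-secret" # constructed sample key, not from the PR
MAX_AGE = 300                       # assumed replay window in seconds
SEEN    = {}                        # hypothetical stand-in for Rails.cache: nonce => expiry

# Prefix every field with its 4-byte big-endian length so that field
# boundaries are unambiguous regardless of the characters in the field.
def encode_fields(*fields)
  fields.map { |f| s = f.to_s.b; [s.bytesize].pack("N") + s }.join
end

def sign(*fields)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, encode_fields(*fields))
end

# Hyphen-joined variant, kept only to show the boundary ambiguity.
def sign_hyphenated(*fields)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, fields.join("-"))
end

# Comparison that does not return early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The random nonce makes the token unpredictable; the timestamp bounds its lifetime.
def issue(field, now = Time.now.to_i)
  nonce = SecureRandom.hex(16)
  { field: field, nonce: nonce, ts: now, mac: sign(field, nonce, now) }
end

def verify(tok, now = Time.now.to_i)
  expected = sign(tok[:field], tok[:nonce], tok[:ts])
  return :bad_mac unless secure_equal?(expected, tok[:mac].to_s)
  return :expired if now - tok[:ts] > MAX_AGE
  # A nonce only has to be remembered until its timestamp expires.
  SEEN.delete_if { |_, expiry| expiry < now }
  return :replayed if SEEN.key?(tok[:nonce])
  SEEN[tok[:nonce]] = tok[:ts] + MAX_AGE
  :ok
end
```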