[ZendTo] ANNOUNCE: Version 5.10-1 "production" released
John Thurston
john.thurston at alaska.gov
Mon Jul 2 19:15:28 BST 2018
Excellent description and explanation, Jules. Thank you for taking the
time to document the business need, as well as the implementation.
I dug through the code last week, and observed:
A) The Initialization Vector is built with the PHP7 function
'random_bytes'.
B) To permit ZendTo to virus-scan and checksum, the uploaded file is
written to the filesystem and subsequently replaced with the encrypted file.
With respect to (A), my quick read indicates 'random_bytes' (on Linux)
uses the system function 'getrandom', which uses /dev/urandom.
/dev/urandom should be a non-blocking call and should be able to deliver
16 bytes. I don't know about the CryptGenRandom used on Windows. Nor do
I know how either of these behave on virtualization platforms.
Non-blocking should be non-blocking regardless of the platform, and
(should entropy grow scarce) I suppose occasional pseudo-random numbers
are good enough for the purpose for which these are being used.
With respect to (B), this is a possible leak-point for the unencrypted
file. Should the process die (or the machine be powered off) while the
virus scan or encryption is happening, the unencrypted file will be left
in the file system. There isn't much to do about this except perform
those steps in memory before committing the file to disk. That would
make a large memory footprint! Does ZendTo automatically clobber
derelict files as part of the PHP initialization? This would at least
limit the duration such things are left in the filesystem.
Both A and B are my observations. I don't want to indicate I perceive
them as problems. Any time we start talking about encryption, we should
work hard to understand what we're getting, what it is protecting, and
identify the edge cases.
With my new understanding of what you've built for us, I'll be trying to
ship this new version so my customers have the option of encryption.
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
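The two observations above, (A) an IV from random_bytes() and (B) plaintext staged on disk that a crash can leave behind, as an added PHP illustration that is not ZendTo's code: the cipher, the `.plain`/`.enc.tmp` naming and the one-hour threshold are assumptions made for this example.

```php
<?php
// Added illustration, not ZendTo's code. Cipher, file naming and the
// stale-file threshold are assumptions chosen for this example.
declare(strict_types=1);

const CIPHER = 'aes-256-cbc';   // assumed; the message does not state ZendTo's cipher
const STALE_AFTER = 3600;       // seconds a staging file may linger before being swept

// (A) random_bytes() throws on failure instead of degrading silently, so a
// caller never proceeds with a short, zeroed or reused IV.
function makeIv(): string {
    return random_bytes(openssl_cipher_iv_length(CIPHER));
}

// (B) Encrypt a staged plaintext ($dir/<name>.plain) into $dir/<name>, writing
// the ciphertext to a temp file first so the final rename is atomic, and only
// then removing the plaintext. The IV is prepended so decryption can recover it.
function encryptStagedFile(string $plainPath, string $key): string {
    if (substr($plainPath, -6) !== '.plain') {
        throw new InvalidArgumentException("expected a .plain staging file: $plainPath");
    }
    $finalPath = substr($plainPath, 0, -6);
    $tmpPath   = $finalPath . '.enc.tmp';
    $plain = file_get_contents($plainPath);
    if ($plain === false) { throw new RuntimeException("cannot read $plainPath"); }
    $iv = makeIv();
    $cipher = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($cipher === false) { throw new RuntimeException('encryption failed'); }
    if (file_put_contents($tmpPath, $iv . $cipher, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $tmpPath");
    }
    rename($tmpPath, $finalPath);   // atomic on POSIX: no half-written ciphertext is visible
    unlink($plainPath);             // plaintext exists until the ciphertext is durable
    return $finalPath;
}

// Sweep leftovers from a run that died mid-scan or mid-encrypt: stale plaintext
// and stale partial ciphertext. Intended to run at startup or from a cron job,
// which bounds how long a derelict plaintext can sit on disk.
function sweepStaleStagingFiles(string $stagingDir, int $now = null): array {
    $now = $now ?? time();
    $removed = [];
    $candidates = array_merge(glob("$stagingDir/*.plain") ?: [], glob("$stagingDir/*.enc.tmp") ?: []);
    foreach ($candidates as $file) {
        if ($now - filemtime($file) > STALE_AFTER && unlink($file)) {
            $removed[] = $file;
        }
    }
    return $removed;
}
```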