How does Nginx look-up cached resource?
Maxim Dounin
mdounin at mdounin.ru
Mon Sep 7 16:58:11 UTC 2015
Hello!
On Mon, Sep 07, 2015 at 05:44:49PM +0300, Gena Makhomed wrote:
> On 06.09.2015 4:56, Maxim Dounin wrote:
>
> >>The security of the MD5 hash function is severely compromised.
> >>A collision attack exists that can find collisions within seconds
> >>on a computer with a 2.6 GHz Pentium 4 processor (complexity of 2**24.1)
> >>- https://en.wikipedia.org/wiki/MD5#Security
> >
> >I said "took", not "takes now". The MD5 hash function was
> >introduced in 1991, and the first collision was found in 2004.
> >
> >Also, it's important to understand that, while collision attacks
> >now exists, it doesn't really make MD5 bad for various
> >non-security uses.
>
> nginx cache is security use too.
>
> If user configure common shared cache for all virtual servers,
> and config have two servers: first, protected by access,
> auth_basic or auth_request modules from unauthorized use,
> and second server with publicly available content.
>
> If attacker know proxy_cache_key, for example $scheme$host$request_uri
> and know $request_uri from protected site - he can create MD5/crc32
> collision by building specific $request_uri for second server,
> and he will got unauthorized access to protected content
> from the first, protected web site.
>
> This is looks like vulnerability.
Yes, this looks like a valid example of a potentially affected
configuration. Though as far as I know, it is not currently
possible to construct a value (which choosen prefix) that maps to
a given md5 value.
> And this vulnerability can be fixed as Sergey Brester propose:
>
> We should always compare the keys,
> after cache entry with hash value was found.
>
> Or vulnerability can be minimized by using secure hash
> function instead of current cryptographically broken MD5.
I think moving away from MD5 is a right way to go.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list