[Owncloud] Cross-site request forgery protection
Peter Chubb
peter at chubb.wattle.id.au
Mon Jun 11 06:40:48 UTC 2012
Sent from my iPad
On 11/06/2012, at 1:15 PM, Matthew Dawson <matthew at mjdsystems.ca> wrote:
> On June 10, 2012 09:44:24 PM Florian Rüchel wrote:
>> Hi Frank,
>>
>> I thought about CSRF protection and the general idea already stands. We
>> should now figure out how we want to have it implemented and then I will
>> start working on it.
>>
>> What we need for it would first be a good PRNG (pseudo random number
>> generator). I dug up some code from here:
>> http://forums.thedailywtf.com/forums/t/16453.aspx
>> I looked through it and it seems like a reasonable approach though its
>> fallback is silent and we should think about any kind of user
>> notification or removing the fallback. The important thing here is the
>> seed and this needs to be as random as possible and no microtime or PID
>> stuff will be random enough.
> Hmm ... Well, I agree better, stronger seeds are good, but microtime + PID is pretty difficult to guess. Especially if you stick a lockout system on it, there is probably enough entropy. I don't think that fallback is a weakness. If a user wishes to audit their setup, a page could be created.
>
>> The solution basically tries:
>> - OpenSSL (very good!)
>> - /dev/urandom (nice one as long as the maintainers keep it random,
>> Debian already did screw up, but random enough for our needs, Unix only
>> though)
> As far as I remember, /dev/urandom wasn't broken, but openssl. /dev/urandom's only issue is that the entropy is not checked. For better random numbers, /dev/random is the place to look. And by itself, /dev/urandom is good enough for our needs as it's not a PRNG, it instead uses randomness induced by the computer (things like hard drive speeds, which deviate based upon the head's location).
>
In a VM there may be very little entropy available. If /dev/urandom runs out, it just keeps generating weakly pseudorandom stuff --- not good for crypto.
Peter C
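As an added illustration (not ownCloud's code and not the snippet linked in the thread), here is a PHP CSRF token helper that tries the sources in the order the thread lists, treats OpenSSL's weak-algorithm flag and short reads from /dev/urandom as failures, and refuses to fall back silently; the function names csrf_random_bytes, csrf_issue_token and csrf_validate_token are assumed.

```php
<?php
// Added example, not ownCloud's code: pick a random source explicitly and
// fail loudly instead of silently degrading to a weak seed.

function csrf_random_bytes(int $length): string
{
    // 1. OpenSSL. $strong is set by reference; false means the bytes came
    //    from a weak algorithm and must not be used for a token.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes !== false && $strong === true && strlen($bytes) === $length) {
            return $bytes;
        }
    }

    // 2. /dev/urandom (Unix only). A short read is a failure, not padded.
    if (@is_readable('/dev/urandom')) {
        $fh = @fopen('/dev/urandom', 'rb');
        if ($fh !== false) {
            $bytes = fread($fh, $length);
            fclose($fh);
            if ($bytes !== false && strlen($bytes) === $length) {
                return $bytes;
            }
        }
    }

    // 3. No silent fallback to microtime/PID: surface the problem instead.
    throw new RuntimeException('No cryptographically strong random source available');
}

// Issue one token per session and reuse it for the session's lifetime.
function csrf_issue_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(csrf_random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate a submitted token with a constant-time comparison so the
// response time does not leak how many leading bytes matched.
function csrf_validate_token(?string $submitted): bool
{
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}
```

Requires PHP 7.1 or later for the nullable type hint and hash_equals; the RuntimeException is what an admin-facing notification or audit page would hook into, as suggested in the thread.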