Page MenuHomePhabricator

Upgrade an old "weakDigest()" inside TOTP synchronization code

Authored by epriestley on Dec 13 2018, 8:19 PM.



Ref T13222. Ref T12509. When you add a new MFA TOTP authenticator, we generate a temporary token to make sure you're actually adding the key we generated and not picking your own key.

That is, if we just put inputs in the form like key=123, response=456, users could pick their own keys by changing the value of key and then generating the correct response. That's probably fine, but maybe attackers could somehow force users to pick known keys in combination with other unknown vulnerabilities that might exist in the future. Instead, we generate a random key and keep track of it to make sure nothing funny is afoot.

As an additional barrier, we do the standard "store the digest, not the real key" sort of thing so you can't force a known value even if you can read the database (although this is mostly pointless since you can just read TOTP secrets directly if you can read the database). But it's pretty standard and doesn't hurt anything.

Update this from SHA1 to SHA256. This will break any TOTP factors which someone was in the middle of adding during a Phabricator upgrade, but that seems reasonable. They'll get a sensible failure mode.

Test Plan

Added a new TOTP factor.

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Dec 13 2018, 8:19 PM
epriestley requested review of this revision.Dec 13 2018, 8:21 PM
amckinley accepted this revision.Dec 13 2018, 10:14 PM
This revision is now accepted and ready to land.Dec 13 2018, 10:14 PM
This revision was automatically updated to reflect the committed changes.