
In the session section of php.ini there is a directive called session.entropy_length.

I'm aware that it's used to make the generation of the Session ID "more random".

  • How does it make the Session ID more random?

  • What is the maximum length?

  • What if its length exceeds the bits of the hash in use?

SAz
  • 1. You probably shouldn't muck with it. 2. Answer is in the docs. http://php.net/manual/en/session.configuration.php#ini.session.entropy-length – ceejayoz Jan 23 '16 at 21:10
  • I'm voting to close this question as off-topic because SO isn't a replacement for reading the documentation. – ceejayoz Jan 23 '16 at 21:10
  • @ceejayoz The document answers none of the questions. "It reads from a file" and then what? How is this applied (unanswered)? What is the maximum length (unanswered)? What if the bits exceed the hash (unanswered)? Please explain how the docs answer my question in any way. – SAz Jan 23 '16 at 22:07
  • First explain what problem you're solving by messing with the value. Quick Googling for "how are session IDs generated" results in a number of pieces of PHP docs, as well as http://stackoverflow.com/questions/18937651/php-session-ids-how-are-they-generated. – ceejayoz Jan 23 '16 at 22:11
  • @ceejayoz Thank you for the php src. All clear now! I was searching for "session entropy" on Google and the results were disappointing. – SAz Jan 23 '16 at 22:25

1 Answer

5

session_id is a hash of the client IP address (32 bits), the current timestamp and microseconds (52 bits), and a value generated from PHP's combined lcg(), a Pseudo Random Number Generator (PRNG) function (64 bits). The entropy is 148 bits. However, this number should not be considered an absolute minimum value, as the IP address and timestamp are well known to whoever creates the session.

When an undesirably low amount of entropy is available, it's possible to reconstruct the PRNG's seed from the session id. Given that PHP reuses the same entropy sources between different generators, this is even easier.

The seed is used to generate other pseudorandom values, so if the attacker can obtain the seed value he can predict all the future output (including, but not only, mt_rand() and rand()). That's not good.

session.entropy_length is the number of bytes which will be read from the entropy file, usually /dev/urandom or /dev/arandom (from documentation).

If you provide a random source like /dev/random, then the entropy is greater, and the strength of the generated session_id is stronger.

Federkun
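The directives the answer discusses, as an added example that is not part of the original question or answer and is not PHP's own code. It applies a deliberately weak and a hardened pre-7.1 configuration (the directive values are my illustrative choices, not recommendations from the thread), starts a throwaway session from the CLI, and reports the size of the ID that comes out. It also accounts for a caveat the thread predates: PHP 7.1 removed session.entropy_length, session.entropy_file, session.hash_function and session.hash_bits_per_character, and sizes the CSPRNG-generated ID with session.sid_length and session.sid_bits_per_character instead, so on a current PHP the old knobs are unknown directives and the script falls back to the new ones. The filename session_entropy.php is hypothetical.

```php
<?php
// Added example, not code from the question, the answer, or the PHP project.
// Applies the session-ID directives discussed above, starts a throwaway
// session from the CLI, and reports the size of the ID it produced.
// Assumption: the numeric values below are illustrative choices, not
// recommendations from the thread. Run with: php session_entropy.php

// Directives that existed up to PHP 7.0 (the version the thread is about).
// Deliberately weak: nothing read from the entropy file, MD5 for the ID.
const WEAK_PRE_71 = [
    'session.entropy_length'          => 0,
    'session.hash_function'           => 0,   // 0 = MD5 (128-bit), 1 = SHA-1 (160-bit)
    'session.hash_bits_per_character' => 4,
];

// Hardened pre-7.1 configuration. The ID can never carry more bits than the
// hash output, so entropy_length beyond the digest size (32 bytes for SHA-256)
// cannot enlarge the ID; it only feeds more unpredictable input into the hash.
const HARDENED_PRE_71 = [
    'session.entropy_file'            => '/dev/urandom',
    'session.entropy_length'          => 32,
    'session.hash_function'           => 'sha256',  // any name listed by hash_algos()
    'session.hash_bits_per_character' => 5,
];

// PHP 7.1 removed all four directives above; the ID is drawn from the
// platform CSPRNG and sized by these two directives instead.
const HARDENED_71_PLUS = [
    'session.sid_length'             => 48,  // allowed range 22..256
    'session.sid_bits_per_character' => 5,   // allowed range 4..6; 48 * 5 = 240-bit ID
];

function applySessionSettings(array $settings): array
{
    $applied = [];
    foreach ($settings as $name => $value) {
        // ini_set() returns false for a directive this PHP build does not know,
        // which is how you notice that entropy_length is gone on 7.1+.
        $applied[$name] = ini_set($name, (string) $value) !== false;
    }
    return $applied;
}

function inspectSessionId(): array
{
    ini_set('session.use_cookies', '0');     // CLI run: do not try to send Set-Cookie
    ini_set('session.use_strict_mode', '1'); // refuse IDs the server did not generate
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
    session_start();
    $id = session_id();
    session_destroy();                       // also clears the ID so the next start mints a new one

    $bitsPerChar = PHP_VERSION_ID >= 70100
        ? (int) ini_get('session.sid_bits_per_character')
        : (int) ini_get('session.hash_bits_per_character');

    return [
        'id'             => $id,
        'chars'          => strlen($id),
        'encoded_bits'   => strlen($id) * $bitsPerChar, // size of the encoded ID, not a measure of its entropy
        'distinct_chars' => count(array_unique(str_split($id))),
    ];
}

$profiles = PHP_VERSION_ID >= 70100
    ? ['hardened (7.1+)' => HARDENED_71_PLUS]
    : ['weak (pre-7.1)' => WEAK_PRE_71, 'hardened (pre-7.1)' => HARDENED_PRE_71];

foreach ($profiles as $label => $settings) {
    $applied  = applySessionSettings($settings);
    $rejected = array_keys(array_filter($applied, function ($ok) { return !$ok; }));
    $report   = inspectSessionId();
    printf("%-20s id=%s chars=%d encoded_bits=%d distinct_chars=%d%s\n",
        $label, $report['id'], $report['chars'], $report['encoded_bits'], $report['distinct_chars'],
        $rejected ? ' (unknown directives: ' . implode(', ', $rejected) . ')' : '');
}
```

The encoded_bits figure is the size of the encoded digest (or, on 7.1+, of the CSPRNG output). It is an upper bound on how unpredictable the ID can be, not a measurement of its entropy, and on pre-7.1 it does not grow with session.entropy_length because the hash output is fixed-size; that is what you see when you raise entropy_length above the digest length and the ID stays the same width.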