starred/cypht
1
0
Fork 0
mirror of https://github.com/cypht-org/cypht.git synced 2026-04-25 04:56:03 +03:00
Code Issues 137 Projects Releases Packages Wiki Activity

[GH-ISSUE #99] Backwards compatibility breakage coming, here is what you can do #79

New issue
Closed
opened 2026-02-25 21:34:06 +03:00 by kerem · 3 comments
kerem commented 2026-02-25 21:34:06 +03:00
Owner
Copy link

Originally created by @jasonmunro on GitHub (Jul 24, 2016).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/99

There are 2 issues in the code that will break existing saved settings. Both are pro-active changes to address potential security issues, neither of which has been exploited or proven exploitable.

  1. The same key was being used to both encrypt strings and build the hmac hash used to verify an encrypted payload. I'm not aware of specific guidance that these must be different, but it seems reasonable to use different keys here just in case.
  2. User and site settings currently use PHP serialize. Unserializing data opens a potential vulnerability if the data has been compromised. To avoid this potential vector we are switching to json based encoding.

HOW TO UPDATE YOUR SETTINGS:

  • Pull the current master branch
  • Run the config generator "php ./scripts/config_gen.php"
  • Login and save your settings.
  • Thats it!

Once you do that, your data will be updated to the new formats and won't be lost when the final changes go in. I plan on making the switch over in about 1 week.

Originally created by @jasonmunro on GitHub (Jul 24, 2016). Original GitHub issue: https://github.com/cypht-org/cypht/issues/99 There are 2 issues in the code that will break existing saved settings. Both are pro-active changes to address potential security issues, neither of which has been exploited or proven exploitable. 1. The same key was being used to both encrypt strings and build the hmac hash used to verify an encrypted payload. I'm not aware of specific guidance that these must be different, but it seems reasonable to use different keys here just in case. 2. User and site settings currently use PHP serialize. Unserializing data opens a potential vulnerability if the data has been compromised. To avoid this potential vector we are switching to json based encoding. HOW TO UPDATE YOUR SETTINGS: - Pull the current master branch - Run the config generator "php ./scripts/config_gen.php" - Login and save your settings. - Thats it! Once you do that, your data will be updated to the new formats and won't be lost when the final changes go in. I plan on making the switch over in about 1 week.
kerem closed this issue 2026-02-25 21:34:06 +03:00
kerem commented 2026-02-25 21:34:06 +03:00
Author
Owner
Copy link

@ulfgebhardt commented on GitHub (Jul 26, 2016):

Hello @jasonmunro ,

i have an issue with this procedure ;-). I dont update your Software in 1weeks time.

To save my Settings i would like you to detect wether the saved settings is the old or new format and convert it if possible - or make it convert on config_gen. I guess there might be a Problem with Encryption, since the server might not be able 2 decrypt the string on its own, without the users password(???) - if so, please ask the user for his password to convert the Data on login. In this step i recommend to include a version number if thats possible so you can change the settings whenever you like.

Do this if its possible and not too much work, i use your software still in a small environment with few users, but if that might change this could be a real pain.

Thanks for your Time and Effort you put into this for all of us!

<!-- gh-comment-id:235124583 --> @ulfgebhardt commented on GitHub (Jul 26, 2016): Hello @jasonmunro , i have an issue with this procedure ;-). I dont update your Software in 1weeks time. To save my Settings i would like you to detect wether the saved settings is the old or new format and convert it if possible - or make it convert on config_gen. I guess there might be a Problem with Encryption, since the server might not be able 2 decrypt the string on its own, without the users password(???) - if so, please ask the user for his password to convert the Data on login. In this step i recommend to include a version number if thats possible so you can change the settings whenever you like. Do this if its possible and not too much work, i use your software still in a small environment with few users, but if that might change this could be a real pain. Thanks for your Time and Effort you put into this for all of us!
kerem commented 2026-02-25 21:34:06 +03:00
Author
Owner
Copy link

@jasonmunro commented on GitHub (Jul 26, 2016):

@ulfgebhardt, thanks for the feedback!
Currently the code does just what you suggest, it checks for the old/new formats and converts them to the newer format on user save/config generation, and the hmac signature check tries both the old and the new keys when validating an encrypted string. Technically, I don't have to remove the legacy support, and I could seamlessly update the user settings on login if the old format is detected without too much effort (or the user even knowing about it).

Honestly, I picked a 1 week time frame because I did not think it would be problem for anyone. Now that I know it is, I have no problem delaying the switch over, or even maintaining legacy support using a version number perpetually. Thanks again for letting me know!

<!-- gh-comment-id:235279723 --> @jasonmunro commented on GitHub (Jul 26, 2016): @ulfgebhardt, thanks for the feedback! Currently the code does just what you suggest, it checks for the old/new formats and converts them to the newer format on user save/config generation, and the hmac signature check tries both the old and the new keys when validating an encrypted string. Technically, I don't have to remove the legacy support, and I could seamlessly update the user settings on login if the old format is detected without too much effort (or the user even knowing about it). Honestly, I picked a 1 week time frame because I did not think it would be problem for anyone. Now that I know it is, I have no problem delaying the switch over, or even maintaining legacy support using a version number perpetually. Thanks again for letting me know!
kerem commented 2026-02-25 21:34:06 +03:00
Author
Owner
Copy link

@jasonmunro commented on GitHub (Aug 19, 2016):

I have preliminary version support in place, and my new plan is to delay this change until we get serious about releasing a first version. Closing this in the meantime.

<!-- gh-comment-id:241093283 --> @jasonmunro commented on GitHub (Aug 19, 2016): I have preliminary version support in place, and my new plan is to delay this change until we get serious about releasing a first version. Closing this in the meantime.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
2.x
mta-sts-implementation
feat-compose-backspace-delete-recipients
release-2.5.1
add-tls3-support
1.4.x
enforce-coverage
release-2.4.2
strip_dns_prefetch_tags
fix_nightly_build
pr-title-validation-update
review-sent-email
revert-1339-fixed-tags-display
revert-1061-rem-cram-md5
sys-messages-revamp
revert-685-fixed-str-pos-warning-when-no-to
revert-590-empty-settings
release-1.3.0
revert-471-draft-add-warning
revert-454-feature/server-list-by-uniqid
php7.4-support
release-1.2.0
remove-mobile-media-queries
release-1.1.0
release-1.0.0
v2.7.0
v2.6.0
v2.5.1
v2.5.0
v1.4.7
v2.4.2
v2.4.1
v1.4.6
v1.4.5
v2.4.0
v2.3.0
v2.2.0
v1.4.4
v2.1.0
v2.0.1
v1.4.3
v2.0.0
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.3.0-rc3
v1.3.0-rc2
v1.3.0-rc1
v1.1.0
v1.1.0-rc4
v1.1.0-rc3
v1.1.0-rc2
v1.1.0-rc1
v1.0.0
v1.0.0-rc8
v1.0.0-rc7
v1.0.0-rc6
v1.0.0-rc5
v1.0.0-rc4
v1.0.0-rc3
v1.0.0-rc2
v1.0.0-rc1
Labels
Clear labels   
2fa

   
I18N

   
PGP

   
Security

   
Security

   
account

   
advanced_search

   
advanced_search

   
announcement

   
api_login

   
authentication

   
awaiting feedback

   
blocker

   
bug

   
bug

   
bug

   
calendar

   
config

   
contacts

   
core

   
core

   
devops

   
docker

   
docs

   
duplicate

   
dynamic_login

   
enhancement

   
epic

   
feature

   
feeds

   
framework

   
github

   
github

   
gmail_contacts

   
good first issue

   
help wanted

   
history

   
history

   
imap

   
imap_folders

   
inline_message

   
installation

   
keyboard_shortcuts

   
keyboard_shortcuts

   
ldap_contacts

   
mobile

   
need-ssh-access

   
new module set

   
nux

   
pop3

   
profiles

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
refactor

   
release

   
research

   
saved_searches

   
smtp

   
strategic

   
tags

   
tests

   
themes

   
website

   
wordpress
No labels
2fa
I18N
PGP
Security
Security
account
advanced_search
advanced_search
announcement
api_login
authentication
awaiting feedback
blocker
bug
bug
bug
calendar
config
contacts
core
core
devops
docker
docs
duplicate
dynamic_login
enhancement
epic
feature
feeds
framework
github
github
gmail_contacts
good first issue
help wanted
history
history
imap
imap_folders
inline_message
installation
keyboard_shortcuts
keyboard_shortcuts
ldap_contacts
mobile
need-ssh-access
new module set
nux
pop3
profiles
pull-request
question
refactor
release
research
saved_searches
smtp
strategic
tags
tests
themes
website
wordpress
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/cypht#79
No description provided.