Secure authentication cookies with Django

Some time ago Alex X. Liu published a research paper on secure cookie protocols. I tried to implement the protocol in Python, but sadly had to remove some fields from the protocol. You can download it here.

Changes

This is the original protocol:

user name|expiration time|(data)k|HMAC(user name|expiration time|data|session key, k)
where k=HMAC(user name|expiration time, sk)
and sk=secret server key

I removed (data)k and session key, which changes the protocol to:

user name|expiration time|HMAC(user name|expiration time, k)
where k=HMAC(user name|expiration time, sk)
and sk=secret server key

The data field was removed because I couldn’t find a good two way encryption library for Python, and the session key was removed due to the lack of SSL.

The new structure is similar to the one used for the authentication in the backend of the recently released Wordpress 2.5.

Usage

To create a cookie in Django, use the set_cookie method of the response object:

cookie = myutils.generate(‘arthur’, 1210708139)

response = render_to_response(‘index.html’)
response.set_cookie(‘mycookie’, cookie)

return response

Published: May 15, 2008 — Tagged: cookies, django, python

Comments

Brodie Rao, May 20th, 2008

If I understand this correctly:

1. Django currently uses what the paper refers to as “Fu’s cookie protocol.”

2. There’s the possibility of the server’s secret key being discovered through large scale cryptanalysis, which could compromise the security of any data stored within the cookie.

3. The protocol is susceptible to replay attacks.

Your implementation partly addresses the first concern, and it does not address the second concern at all. Is this right?

It seems to address the issue of replay attacks you’d need the SSL session key. I might have missed it, but I don’t see any mention in the paper of how they create this key, and it doesn’t look like they’ve included their reference PHP implementation.

I’d like to see a Django implementation of the SSL and data encryption parts of the protocol, and I’d also like to see what their community has to say about the existing protocol and this proposed protocol.

Arthur Koziel, May 20th, 2008

1. Django doesn’t use any cookie protocol. You can store data in cleartext (not recommended), or use some advanced structure/protocol like the one from Liu et al. It’s solely up to you.

2. Correct, but the default Django secret key is pretty good (you can also rotate it at regular intervals). The question is if it would be worthwhile for the attacker to do such kind of large scale computing on a small/mid sized website, because it will take a really really long time. I also wouldn’t use long living cookies on websites that _really_ need to be secure like online banking backends etc.

3. Right, but only if you leave the SSL session key out.

The SSL key is generated automatically and only known to the client and the server, it’s used for the encryption of every SSL request.

I would also be interested in the reference PHP implementation. However, it shouldn’t be that hard to do it yourself. You can take a look at the Wordpress source, which uses the same structure.
It’s also pretty easy to do a two-way encryption of the data field in php ( mcrypt), but I sadly haven’t found a alternative in Python yet.

As for the SSL key, i would rather make it optional since there are still a lot of websites without SSL out there.

Mat, June 6th, 2008

Hi, I’ve found your blog while searching articles about the “Secure Cookie Protocol” paper. Good article :)

I’ve the same problem (in PHP) : i removed the “ssl session key” from the HMAC because it’s not usable for long living cookies.

As it’s name indicate,s the ssl_session_key have a session lifetime. So it does not allow to set a “persistent cookie” with a long expiration time. When the user will close his browser and open a new ssl session a few time later, a new SSL session will begin and the cookie will be invalid.

So “long time” cookie are replay attackable :/
I’ve found no solution for them…

Arthur Koziel