Result for 0EF0E6921ADE676A64676C05687EC9CC4C7C5DB7

Query result

Key Value
MD5A388616288E1141CBEF42EAB72C62B74
PackageArchnoarch
PackageDescriptionThis module implements a secure way to encode session data. It is primarily intended for storing session data in browser cookies, but could be used with other backend storage where security of stored session data is important. Features include: * Data serialization and compression using Sereal * Data encryption using AES with a unique derived key per encoded session * Enforced expiration timestamp (optional) * Integrity protected with a message authentication code (MAC) The storage protocol used in this module is based heavily on at http://www.cse.msu.edu/~alexliu/publications/Cookie/Cookie_COMNET.pdf by Alex Liu and others. Liu proposes a session cookie value as follows: user|expiration|E(data,k)|HMAC(user|expiration|data|ssl-key,k) where | denotes concatenation with a separator character E(p,q) is a symmetric encryption of p with key q HMAC(p,q) is a keyed message hash of p with key q k is HMAC(user|expiration, sk) sk is a secret key shared by all servers ssl-key is an SSL session key Because SSL session keys are not readily available (and SSL termination may happen prior to the application server), we omit 'ssl-key'. This weakens protection against replay attacks if an attacker can break the SSL session key and intercept messages. Using 'user' and 'expiration' to generate the encryption and MAC keys was a method proposed to ensure unique keys to defeat volume attacks against the secret key. Rather than rely on those for uniqueness (with the unfortunate side effect of revealing user names and prohibiting anonymous sessions), we replace 'user' with a cryptographically-strong random salt value. The original proposal also calculates a MAC based on unencrypted data. We instead calculate the MAC based on the encrypted data. This avoids an extra step decrypting invalid messages. Because the salt is already encoded into the key, we omit it from the MAC input. Therefore, the session storage protocol used by this module is as follows: salt|expiration|E(data,k)|HMAC(expiration|E(data,k),k) where | denotes concatenation with a separator character E(p,q) is a symmetric encryption of p with key q HMAC(p,q) is a keyed message hash of p with key q k is HMAC(salt, sk) sk is a secret key shared by all servers The salt value is generated using Math::Random::ISAAC::XS, seeded from Crypt::URandom. The HMAC algorithm is 'hmac_sha256' from Digest::SHA. Encryption is done by Crypt::CBC using Crypt::Rijndael (AES). The ciphertext and MAC's in the cookie are Base64 encoded by MIME::Base64 by default. During session retrieval, if the MAC does not authenticate or if the expiration is set and in the past, the session will be discarded.
PackageNameperl-Session-Storage-Secure
PackageRelease1.12
PackageVersion1.000
SHA-10EF0E6921ADE676A64676C05687EC9CC4C7C5DB7
SHA-25603C9A76A5FEE4711D0645A75F3910D29E546937D24086CD24CE88870EBE46530
hashlookup:children-total6
hashlookup:trust50

Network graph view

Children (Total: 6)

The searched file hash includes 6 children files known and seen by metalookup. A sample is included below:

Key Value
FileName./usr/share/licenses/perl-Types-Path-Tiny/LICENSE
FileSize11500
MD573ABF4C2D50FAA339365E754FBB9303F
SHA-1E188C4892BC1FBFCED62C2299A2A24FD21098D81
SHA-256C9B996327826162C97E52A76F3212B089FA88730F9B8DBE167538FE9875FB952
SSDEEP192:DNU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:Dm9vlKM1zJlFvmNz5VrlkTS07Ht
TLSHT1AD32532FBA48037716C20162BB9764CBF31E903F3B552564354CC1681F6BA6543FB6EA
Key Value
FileName./usr/lib/perl5/vendor_perl/5.34.0/Session/Storage/Secure.pm
FileSize22508
MD5DD0CBE469CFE83DDCC458A6EFAA4E358
SHA-1198705E5E2B953769DB8D5837EF0E52307A9C777
SHA-256FF67A793E4194B1FFC493B06C2AAA3926DD0783848E2F8DF75CD7A7A15E01BE2
SSDEEP384:fO3O78ikw3ZGVHf0cOvJJtd1v+wpi0H/muO30sFVzKSF58FX22WOAvSty+Ik:fOe78ikw3kVHVEtbn/muO35FVtgXVhAU
TLSHT172A2C79A399683B549F3C0A33BA6D085D33CF55E23255610B8ACD2581FC8D3D933B6B9
Key Value
FileName./usr/share/doc/packages/perl-Session-Storage-Secure/Changes
FileSize3039
MD5513E64EBE1DDD68E060C5E197FE82A6A
SHA-1EB9CA927CAF09E9E9C5A54EB8E535341533A4BED
SHA-256434EA8DB9A4A0AF21C44C75A1FC539178833517480117D4A58D5AEE24AB10B32
SSDEEP48:cUc1abReYR+O4dPxb579MGbBmU11L3LWFTqynDhy25XSAeN2O4TfvTx4+/v8d:cUc1abReu4d599M+mUvL3KFT8IXg0BTs
TLSHT1CB51420972B055A87AD282C3B8C6F2EA663DB42F83C6695879FDC14C5F09418B73F558
Key Value
FileName./usr/share/doc/libversion-next-perl/CONTRIBUTING.mkdn
FileSize3460
MD59B0E0B2D54F62067BEDB4B20E9259CFD
RDS:package_id288578
SHA-17BE5DEFE2E56A63F7CF57747942D3876CD562396
SHA-256108695CF77589ACBF83D768607B30403CA440D8A4B49284D29E06635F7ADC88C
SSDEEP96:ftxAA4qDaXxHkebBbFs/VrSEgj1QNWsAX:fYFwAxHTFDzV
TLSHT1EA6178BF5180537459D302E1E26A40E3E756C15E1316443974BE80AD533BF35E2FB998
insert-timestamp1670545180.7104921
sourcemodern.db
Key Value
FileName./usr/share/doc/packages/perl-Session-Storage-Secure/README
FileSize12833
MD568C0CDBA9A8B1281431AEC39921ABDB4
SHA-18BBD2C254B8523BC60AF510F252029C9FA77C5F6
SHA-256DA63CE43639B69984007403FDF475596C54913A0D8DCE86F2DE4EB8A170BB56F
SSDEEP384:1MR/eYcFtcTx4r3jmhPfSXM3LC2ZLoycE1:1YEcF4r303Z3uMLoTE1
TLSHT18F42A64A7659033A0AD3C1B7B5B292C59738F06F33610208B8ACC26C1F49D7697B76F9
Key Value
FileName./usr/share/man/man3/Session::Storage::Secure.3pm.gz
FileSize6020
MD52B23D02889A9BE36241BED181638ECDC
SHA-158E4DD233029E690AE5EC696EBA292B740D99F2F
SHA-256F372374929306D1BB1381B24BA6F31101E4193C5120D8594656ADE37240F50B9
SSDEEP96:syz8TkjPUjUKkt654M9UnGUCQ4GrIzM3EDz1rttjl3HL29eBw65r8HdPOEc609:Tz8Y2w24M9hUCQ4GrmvDzn3K9e5r8Hty
TLSHT134C17D51D6B5FE33E2A777C89C8A452A4F388C192CC5814A680E86D1BA3EC8283947E1