Result for 25FB433A756E0A684EDB4A7D011289FC52BFDE62

Query result

Key Value
MD579CDD7161F3923D0185C6BE5BF2CDC0A
PackageArchnoarch
PackageDescriptionThis module implements a secure way to encode session data. It is primarily intended for storing session data in browser cookies, but could be used with other backend storage where security of stored session data is important. Features include: * Data serialization and compression using Sereal * Data encryption using AES with a unique derived key per encoded session * Enforced expiration timestamp (optional) * Integrity protected with a message authentication code (MAC) The storage protocol used in this module is based heavily on at http://www.cse.msu.edu/~alexliu/publications/Cookie/Cookie_COMNET.pdf by Alex Liu and others. Liu proposes a session cookie value as follows: user|expiration|E(data,k)|HMAC(user|expiration|data|ssl-key,k) where | denotes concatenation with a separator character E(p,q) is a symmetric encryption of p with key q HMAC(p,q) is a keyed message hash of p with key q k is HMAC(user|expiration, sk) sk is a secret key shared by all servers ssl-key is an SSL session key Because SSL session keys are not readily available (and SSL termination may happen prior to the application server), we omit 'ssl-key'. This weakens protection against replay attacks if an attacker can break the SSL session key and intercept messages. Using 'user' and 'expiration' to generate the encryption and MAC keys was a method proposed to ensure unique keys to defeat volume attacks against the secret key. Rather than rely on those for uniqueness (with the unfortunate side effect of revealing user names and prohibiting anonymous sessions), we replace 'user' with a cryptographically-strong random salt value. The original proposal also calculates a MAC based on unencrypted data. We instead calculate the MAC based on the encrypted data. This avoids an extra step decrypting invalid messages. Because the salt is already encoded into the key, we omit it from the MAC input. Therefore, the session storage protocol used by this module is as follows: salt|expiration|E(data,k)|HMAC(expiration|E(data,k),k) where | denotes concatenation with a separator character E(p,q) is a symmetric encryption of p with key q HMAC(p,q) is a keyed message hash of p with key q k is HMAC(salt, sk) sk is a secret key shared by all servers The salt value is generated using Math::Random::ISAAC::XS, seeded from Crypt::URandom. The HMAC algorithm is 'hmac_sha256' from Digest::SHA. Encryption is done by Crypt::CBC using Crypt::Rijndael (AES). The ciphertext and MAC's in the cookie are Base64 encoded by MIME::Base64 by default. During session retrieval, if the MAC does not authenticate or if the expiration is set and in the past, the session will be discarded.
PackageNameperl-Session-Storage-Secure
PackageRelease1.1
PackageVersion1.000
SHA-125FB433A756E0A684EDB4A7D011289FC52BFDE62
SHA-2562D5FD9CAE40BC8B9B409050E408E4621D9D2669DEAD204A2F482FFEF8009CAAF
hashlookup:children-total6
hashlookup:trust50

Network graph view

Children (Total: 6)

The searched file hash includes 6 children files known and seen by metalookup. A sample is included below:

Key Value
FileName./usr/share/licenses/perl-Types-Path-Tiny/LICENSE
FileSize11500
MD573ABF4C2D50FAA339365E754FBB9303F
SHA-1E188C4892BC1FBFCED62C2299A2A24FD21098D81
SHA-256C9B996327826162C97E52A76F3212B089FA88730F9B8DBE167538FE9875FB952
SSDEEP192:DNU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:Dm9vlKM1zJlFvmNz5VrlkTS07Ht
TLSHT1AD32532FBA48037716C20162BB9764CBF31E903F3B552564354CC1681F6BA6543FB6EA
Key Value
FileName./usr/lib/perl5/vendor_perl/5.34.0/Session/Storage/Secure.pm
FileSize22508
MD5DD0CBE469CFE83DDCC458A6EFAA4E358
SHA-1198705E5E2B953769DB8D5837EF0E52307A9C777
SHA-256FF67A793E4194B1FFC493B06C2AAA3926DD0783848E2F8DF75CD7A7A15E01BE2
SSDEEP384:fO3O78ikw3ZGVHf0cOvJJtd1v+wpi0H/muO30sFVzKSF58FX22WOAvSty+Ik:fOe78ikw3kVHVEtbn/muO35FVtgXVhAU
TLSHT172A2C79A399683B549F3C0A33BA6D085D33CF55E23255610B8ACD2581FC8D3D933B6B9
Key Value
FileName./usr/share/doc/packages/perl-Session-Storage-Secure/Changes
FileSize3039
MD5513E64EBE1DDD68E060C5E197FE82A6A
SHA-1EB9CA927CAF09E9E9C5A54EB8E535341533A4BED
SHA-256434EA8DB9A4A0AF21C44C75A1FC539178833517480117D4A58D5AEE24AB10B32
SSDEEP48:cUc1abReYR+O4dPxb579MGbBmU11L3LWFTqynDhy25XSAeN2O4TfvTx4+/v8d:cUc1abReu4d599M+mUvL3KFT8IXg0BTs
TLSHT1CB51420972B055A87AD282C3B8C6F2EA663DB42F83C6695879FDC14C5F09418B73F558
Key Value
FileName./usr/share/doc/libversion-next-perl/CONTRIBUTING.mkdn
FileSize3460
MD59B0E0B2D54F62067BEDB4B20E9259CFD
RDS:package_id288578
SHA-17BE5DEFE2E56A63F7CF57747942D3876CD562396
SHA-256108695CF77589ACBF83D768607B30403CA440D8A4B49284D29E06635F7ADC88C
SSDEEP96:ftxAA4qDaXxHkebBbFs/VrSEgj1QNWsAX:fYFwAxHTFDzV
TLSHT1EA6178BF5180537459D302E1E26A40E3E756C15E1316443974BE80AD533BF35E2FB998
insert-timestamp1670545180.7104921
sourcemodern.db
Key Value
FileName./usr/share/man/man3/Session::Storage::Secure.3pm.gz
FileSize5988
MD5886EDB4973315F53F7B1CF7B8E45C571
SHA-14D4D2C51EF91AE433386B8BE5BD18BB05BB13EC9
SHA-256D6BB6827660180FE02FF47FD7AD061B2E22A5DA014A2E6C8DCB7F0D11D52006D
SSDEEP96:fn2lDsJgvNmwIAhRM6Ol+pzXGNn7tjg2dUuvypjJ12/IORV2RNRvraaorxk:TqvNbIyRMy9GNn7tjRKp6z/ycQ
TLSHT1EDC19E0D9879FDD6FD16A6722B2824A22A444B622E5B3151A9CDF4C3026C2D0C55EFF7
Key Value
FileName./usr/share/doc/packages/perl-Session-Storage-Secure/README
FileSize12833
MD568C0CDBA9A8B1281431AEC39921ABDB4
SHA-18BBD2C254B8523BC60AF510F252029C9FA77C5F6
SHA-256DA63CE43639B69984007403FDF475596C54913A0D8DCE86F2DE4EB8A170BB56F
SSDEEP384:1MR/eYcFtcTx4r3jmhPfSXM3LC2ZLoycE1:1YEcF4r303Z3uMLoTE1
TLSHT18F42A64A7659033A0AD3C1B7B5B292C59738F06F33610208B8ACC26C1F49D7697B76F9