Securing 'pickle'

Paul Rubin
Thu Jul 10 23:24:30 EDT 2003


Ian Bicking <ianb at colorstudy.com> writes:
> A much easier way to secure your pickle is to sign it, like:
> 
> from pickle import dumps
> import md5
> 
> cookie = dumps(object)
> secret = 'really secret!'
> hasher = md5.new()
> hasher.update(secret)
> hasher.update(cookie)
> cookie_signature = hasher.digest()

That method is vulnerable to an "appending" attack against md5.  I'll
spare the gory details, but you should call md5 through the HMAC
module to make the signature instead of using md5 directly.  HMAC is
designed to stop that attack.

> You may then wish to base64 encode both (.encode('base64')), pop them
> into one value, and you're off.  Though I suppose at that point you may
> be hitting the maximum value of a cookie.  Hidden fields will work
> nicely, though.

You could split the session info into several cookies, but in that
situation you should authenticate the whole cookie set with a single
signature.  Otherwise someone could paste together several cookies
from separate sessions, and possibly confuse your server.
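The two points above, HMAC instead of a bare hash over secret-plus-data and one tag over the whole cookie set, as an added Python 3 example that is not part of the original thread. The key, the session contents and the cookie names are constructed for the demo; the token layout (base64 payload, a dot, base64 tag) is an assumption, not something the posts specify.

```python
import base64
import hashlib
import hmac
import json
import pickle

# Constructed demo key; a deployment would load a long random key from configuration.
SECRET = b"really secret!"


def sign(payload: bytes, secret: bytes = SECRET) -> bytes:
    """HMAC-SHA256 over payload.  A keyed HMAC, not hash(secret + payload),
    so knowing a valid tag does not let anyone extend the signed message."""
    return hmac.new(secret, payload, hashlib.sha256).digest()


def b64encode_str(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def b64decode_str(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode("ascii"))


def pack_session(obj, secret: bytes = SECRET) -> str:
    """Pickle obj and return '<b64 payload>.<b64 tag>' for a cookie or hidden field."""
    payload = pickle.dumps(obj, protocol=2)
    return b64encode_str(payload) + "." + b64encode_str(sign(payload, secret))


def unpack_session(token: str, secret: bytes = SECRET):
    """Verify the tag, then unpickle.  Never unpickle first: pickle.loads runs
    whatever the author of the payload put in it."""
    try:
        b64_payload, b64_tag = token.split(".", 1)
        payload, tag = b64decode_str(b64_payload), b64decode_str(b64_tag)
    except ValueError:  # no dot, or base64 errors (binascii.Error is a ValueError)
        raise ValueError("malformed token")
    if not hmac.compare_digest(tag, sign(payload, secret)):
        raise ValueError("bad signature")
    return pickle.loads(payload)


def canonical(cookies: dict) -> bytes:
    """Deterministic serialisation of the whole cookie set (sorted keys, no whitespace),
    so the same set always yields the same bytes to sign."""
    return json.dumps(cookies, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_cookie_set(cookies: dict, secret: bytes = SECRET) -> str:
    """One tag covering every cookie in the set, to be stored in its own cookie."""
    return b64encode_str(sign(canonical(cookies), secret))


def verify_cookie_set(cookies: dict, tag_cookie: str, secret: bytes = SECRET) -> bool:
    """True only if every cookie is the one issued together with this tag."""
    try:
        tag = b64decode_str(tag_cookie)
    except ValueError:
        return False
    return hmac.compare_digest(tag, sign(canonical(cookies), secret))


if __name__ == "__main__":
    token = pack_session({"user": "alice", "role": "reader"})
    print(unpack_session(token))
    # Sessions A and B each get a pair of cookies plus one signature cookie.
    a = {"sess_1": "alice-part1", "sess_2": "alice-part2"}
    b = {"sess_1": "bob-part1", "sess_2": "bob-part2"}
    tag_a, tag_b = sign_cookie_set(a), sign_cookie_set(b)
    print(verify_cookie_set(a, tag_a))
    # Cookies pasted together from the two sessions match neither signature.
    mixed = {"sess_1": a["sess_1"], "sess_2": b["sess_2"]}
    print(verify_cookie_set(mixed, tag_a), verify_cookie_set(mixed, tag_b))
```

`hmac.compare_digest` does the comparison in constant time, so a verifier that rejects a bad tag does not leak how many leading bytes were right. The canonical encoding matters for the cookie-set case: if the server signed whatever order the browser happened to send the cookies in, a correct set could fail verification, and an ambiguous encoding could let two different sets produce the same bytes.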

More information about the Python-list mailing list