Manual talk:$wgSecretKey

customized to what? ? 19:32, 22 October 2006 (UTC)

Replaces $wgProxyKey
Since this replaces $wgProxyKey, should there be any concern that there is no value specified in the auto-generated LocalSettings.php in 1.9.3? --Gadlen 16:14, 15 March 2007 (UTC)

An explanation. Please check this, and stick on the page:
Well looking at the code, if my understanding is correct...

This is what it does in user.php:

$this->mToken = md5( $wgSecretKey . mt_rand( 0, 0x7fffffff ) . $wgDBname . $this->mId );

This is to generate a token to go in the cookie, to identify the user's session. The token can be anything, but it should be a very long scrambled sequence of characters, because it should be unique to this user visit and it should be difficult for an attacker to guess, or hit upon in a brute force (try lots of different numbers) attack. It should also be difficult to derive in some clever way.

Now the above code will quite happily generate suitable big sequences of characters. They are so big that brute force attack would never work (It would take prohibitively long time since there are too many permutations). Is there a way for an attacker to derive another user's token? Well the function is randomised (the mt_rand function call), so that's going to be very difficult. Theoretically it is possible, but only by predicting the numbers to come out of the random number generator mt_rand function. Not an easy thing to do at all, but theoretically possible.

So the last line of defence is to slap in another random bit of data, the $wgSecretKey, into the function. This is a secret string of characters e.g. A string of 10 characters which only you (the wiki server administrator) know. It could be any characters. You don't need to remember it or anything. You just have to keep it secret. It just sits there in LocalSettings.php, adding extra security.

Worst case scenario is: Someone who is capable of figuring out a spoofing attack involving reverse extrapolating generated random numbers, discovers your $wgSecretKey setting (or discovers you didn't set one) and comes along and spends the necessary effort attacking your wiki installation. After all that, they can 'become' other users who are logged in at the time. If they're really lucky they might manage to become a power user with permissions to do some damage.

All said and done. It's a bit paranoid to worry about it. Hence the installation message is only a warning:

"Warning: $wgSecretKey key is insecure, generated with mt_rand. Consider changing it manually."

...that's If I'm understanding this correctly. Can someone confirm or deny the above, and we can put the explanation on the manual page there.

-- Harry Wood 13:11, 19 June 2007 (UTC)

Suggestion for improved security
Check if the PHP function openssl_random_pseudo_bytes or the file /dev/random is available and use that by default, only showing the warning if both aren't available. -- Jan Schejbal, too lazy to log in.

Version number
Is it possible to create a TLDR explanation that says, e.g., "If your wiki was originally created with MediaWiki v1.xx.x or later, then you should have little to worry about if $wgSecretKey leaks"? What version would that be? Leucosticte (talk) 02:33, 15 October 2012 (UTC)


 * Not exactly, MWCryptRand was introduced simultaneously in 1.17.3-4, 1.18.2-3, and 1.19beta2. Daniel Friesen (Dantman) (talk) 02:54, 15 October 2012 (UTC)