Manual:$wgSecretKey
| Proxies: $wgSecretKey | |
|---|---|
| This should always be customized in LocalSettings.php |
|
| Introduced in version: | 1.4.0 |
| Removed in version: | still in use |
| Allowed values: | |
| Default value: | false |
Other settings: Alphabetical | By Function
Details [edit]
This should always be customized in LocalSettings.php
This value is used as cryptographic entropy when generating user_tokens to insert into the users table which is used as a persistent cookie for authentication (when a user checks "Remember my login on this browser") that is resilient to spoofing.
 Warning: |
If the value of the variable leaks out you must generate a new secret key and generate brand new user_token values for the user table. Otherwise the entropy of previously generated tokens will be significantly reduced and would only take a matter of time for a semi-determined cracker to compromise user accounts on your wiki. Because of new cryptographic methods introduced in later versions of MediaWiki, if your wiki was originally created with MediaWiki 1.17.4, 1.18.3, 1.19, or later, then you should have little to worry about if $wgSecretKey leaks. |
Update [edit]
According to 14 October 2012 wikitech-l emails by Daniel Friesen:
| “ | Right now $wgSecretKey is 99% worthless. We aren't using it directly anymore. We now generate all tokens with proper cryptographic random sources. So we don't base security off keeping a string secret anymore. ((That %1 is from the fact that if you have no access to urandom or are on old php, no mcrypt random, and no openssl random we do use $wgSecretKey as a very small source of entropy, but it's of barely any value most of our entropy comes from clock drift in that case.))
At the same time it's worth noting the warning about user_token. It does not apply to any new user_token but old user_tokens for users who have not updated their passwords resulting in the reset of user_token on wikis that have not done a full reset will still be somewhat vulnerable to $wgSecretKey leaks. Changing a password or resetting the entire user_token column will reset user_tokens. So if those are done after you upgrade to a version with MWCryptRand then the user_tokens affected will be ok. But any user_token that has not been reset yet will still be based on $wgSecretKey and will still be somewhat vulnerable to attacks if $wgSecretKey is leaked. |
” |
$wgProxyKey [edit]
From 1.3 to 1.4, $wgProxyKey was the documented setting for this. In 1.4, this was marked as deprecated in favor of $wgSecretKey.
