Move from JWT to PASETO

Question

Move from JWT to PASETO

Closed this issue 4 years ago · 8 comments

Hi, PASETO is a JWT replacement with security as first target in mind. The page explains well what it does and why.

PASETO shouldn't be used for stateless session

As reported in the README:

Caution: Neither JWT nor Paseto were designed for stateless session management.
Paseto is suitable for tamper-proof cookies, but cannot prevent replay attacks by itself.

Paseto doesn't fit the purpose of this library, but JWT neither. So if this library does the wrong thing, at least it would be better to do it the right way 😄

BC Break

Of course the transition will result in a lot of API BC Break, mainly due to the actual type-hints to lcobucci/jwt dependency.
Nevertheless the overall user experience will remain the same, as PASETO aims the same goals of JWT in term of given functionalities.

References

https://twitter.com/Ocramius/status/1251251892430286851

Supersedes

#61

Answer 1 · 2020-04-19T10:53:09.000Z

So if this library does the wrong thing

meh, crypto community fud: all the points they argue about are described in LIMITATIONS.md 😛

Answer 2 · 2020-04-19T10:55:21.000Z

Of course the transition will result in a lot of API BC Break, mainly due to the actual type-hints to lcobucci/jwt dependency.

probably just the ctors.

Need to check if there are other consequences in the tests.

Answer 3 · 2020-04-19T11:02:29.000Z

meh, crypto community fud

Yup, the replay attack weakness is real, but only makes sense if, with standard session, the developer builds a monitoring tool to know whether a cookie has been stolen and misused or not (like match IP/Geo/UserAgent etc everytime).
I've never seen anything like that outside giant businesses or security related ones.
Not within reach of average developer.

Answer 4 · 2020-04-19T11:04:51.000Z

Even then, that would mean that the transport layer is broken (no e2e encryption)

Answer 5 · 2020-04-19T11:08:04.000Z

Not necessary: stealing the browser profile is still a thing, and most of them are not encrypted.
Big businesses I know, even bank ones, still give the same PC to different employees, it takes 3 minutes to run a live CD and steal everything...

Answer 6 · 2020-04-19T11:22:41.000Z

Yeah, can do that with traditional sessions anyway.

Pinning to IP address also no longer feasible due to roaming.

Still fud.

Answer 7 · 2020-04-30T06:26:19.000Z

A brief recap of my last week: I'd like to propose a PR here, but first I prefer addressing paragonie/paseto#111. Solutions to that issue are trivial, but need active replies from the maintainer which seems a.f.k. as of yet.

Answer 8 · 2021-02-05T06:08:38.000Z

After almost a year, here's what I think.

PASETO is an awesome standard, far better than JWT. But it's still a draft, it's adoption is sadly slow, and for now the switch for this library is not justified enough to drop the widely supported JWT.

Hope in the future to reopen this, but for now I'm going to close it.