Why PASETO Might Not Be the JWT Replacement We Hoped For
PASETO, a potential alternative to JWT, has sparked conversations within the security and developer community alike (for once).
While PASETO has garnered some attention as a potential JWT replacement, it's essential to highlight the project's key points and gather insights from its founders and supporters to provide a well-rounded perspective.
According to project founder Scott Arciszewski, who spoke in an interview with TheCryptoLark, he emphasized PASETO's approach
PASETO is designed to address some of the footgun issues that JWT suffers from.
This quote reflects the project's intention to improve upon JWT's security shortcomings.
An Aside, a great video from Scott, very well done mate!
Alex Smith, a prominent cryptography expert and vocal supporter of PASETO, mentioned in a Medium article (paywall, so go find your own link if you want to support that)
PASETO offers an intriguing alternative to JWT, with its focus on simplicity and avoidance of common JWT pitfalls.
This insight underscores the project's emphasis on simplicity and enhanced security.
Critics everywhere, it's why you came here!
Of course, no project is without its critics, and PASETO is no exception. While some supporters believe in its potential, there are critics who raise valid concerns about its design and implementation. Here are a few common criticisms of PASETO:
- Lack of Adoption: One criticism is the relatively low adoption of PASETO compared to JWT. JWT has become an industry standard, and migrating to a new token format involves substantial effort. Critics argue that without widespread adoption, PASETO may not achieve the critical mass needed to replace JWT effectively.
- Limited Ecosystem: Another concern is the limited ecosystem around PASETO compared to JWT. JWT has libraries and integrations available in numerous programming languages and frameworks, while PASETO's ecosystem is still growing. Critics suggest that this may hinder its adoption.
- Community Input: Some critics express concerns about the lack of transparency and community input in the development of PASETO. They argue that a more collaborative approach could lead to a more robust and widely accepted solution.
I'll add mine here for completeness:
- Custom Serialisation: As explained later, PASETO's custom serialisation has drawn criticism. Critics argue that custom serialisation introduces complexity and potential security vulnerabilities, which goes against the project's goal of simplifying security.
- Key Reuse: While PASETO's approach of using a single key for encryption and signing is by design, critics argue that it deviates from established cryptographic best practices, potentially introducing security risks.
It's important to note that these criticisms don't necessarily invalidate PASETO as a JWT replacement. Like any technology, PASETO has its strengths and weaknesses, and whether it's the right choice depends on the specific use case and security requirements. Developers and organisations should carefully evaluate these criticisms and consider their implications when deciding whether to adopt PASETO over JWT or other token formats.
Don't get too excited
But before we jump on the PASETO bandwagon, let's take a closer look at whether it lives up to its promise and why it might not be the saviour we're hoping for.
1. Reusing Keys: A Security Misstep
One of the fundamental building blocks of PASETO is the practice of reusing the same key for both encryption and signing tokens. This approach goes against the principles of PKI (Public Key Infrastructure), which experts consider a best practice in cryptographic security. While JWT implementations at least offer the possibility of using separate keys for proper PKI, PASETO unapologetically adheres to this dogmatic approach.
Fix: To truly enhance security, PASETO should consider aligning with PKI best practices or risk becoming a security liability.
2. Custom Serialisation: A Recipe for Disaster
PASETO introduces a new footgun that JWT didn't have – custom serialisation. Custom serialisation opens the door to a whole host of potential security vulnerabilities. It's perplexing that PASETO, which aims to avoid the pitfalls of JWT, would add this complexity.
Fix: PASETO should reconsider this feature or encourage contributions and feedback from the community. Messing with serialization in isolation is a risky endeavor.
3. Registered Claims: Only Half the Battle
While PASETO includes some registered claims, it leaves developers to handle the rest of the claims with bespoke code. This shift in responsibility might lead to unforeseen security issues, which is exactly what PASETO claims to avoid.
Fix: PASETO should provide methods to handle common claim scenarios and offer a way to validate claims properly, either through provided end-user methods or its own validators. Common sense security should take precedence.
Immature, but hopeful
In conclusion, while the concept of PASETO may seem appealing on the surface, a closer examination reveals that it has some significant shortcomings. These issues, if left unaddressed, could pose security risks.
For PASETO to truly succeed as a JWT replacement, it must prioritise security and consider adopting more established cryptographic practices. Until then, it remains an immature project designed by developers, for developers, with security as an afterthought - a familiar and concerning pattern in the world of web security.
Member discussion