[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change Ie524125dc5f6f1076bfd47db3a414b178e4dac80

gerrit2 at review.openstack.org
Wed Apr 9 19:12:29 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/80398

Log:
commit edcec85f9ffdf5fbead8e38291c726be2f29baee
Author: Brant Knudson <bknudson at us.ibm.com>
Date:   Tue Apr 8 20:52:27 2014 -0500

    auth_token middleware hashes tokens with sha256
    
    The auth_token middleware always hashed PKI Tokens with MD5. This
    change makes it so that PKI tokens can be hashed with SHA256. This
    is for security hardening.
    
    Both SHA256 and MD5 will be tried when checking against the
    revocation list. This will support identity servers that are not
    configured for SHA256.
    
    When storing the PKI token in the local cache, the sha256 hash will
    always be used.
    
    SecurityImpact
    Closes-Bug: #1174499
    
    Change-Id: Ie524125dc5f6f1076bfd47db3a414b178e4dac80
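
The lookup order the commit message describes (try SHA256, then MD5, against the revocation list; key the local cache by SHA256), as an added example that is not part of the original message and is not python-keystoneclient's code. All function names, the dict-based cache, the `fetch` callback, the order of the revocation and cache checks, and the sample tokens are assumptions made for illustration.

```python
import hashlib

# Hypothetical names; this is not python-keystoneclient's API.
# Preferred algorithm first, legacy fallback second.
HASH_ALGORITHMS = ("sha256", "md5")


def token_hashes(token, algorithms=HASH_ALGORITHMS):
    """Hex digest of the token under each algorithm, in the given order."""
    data = token.encode("utf-8")
    return [hashlib.new(alg, data).hexdigest() for alg in algorithms]


def is_revoked(token, revoked_ids):
    """True if the token's hash under any algorithm is on the revocation list."""
    return any(h in revoked_ids for h in token_hashes(token))


def cache_key(token):
    """The local cache is always keyed by the SHA256 hash."""
    return token_hashes(token, ("sha256",))[0]


def validate(token, revoked_ids, cache, fetch):
    """Reject revoked tokens, otherwise return cached or freshly fetched data."""
    if is_revoked(token, revoked_ids):
        raise PermissionError("token revoked")
    key = cache_key(token)
    if key not in cache:
        cache[key] = fetch(token)  # fetch stands in for remote validation
    return cache[key]


if __name__ == "__main__":
    # Constructed sample tokens, not real PKI tokens.
    legacy, current, good = "MII-constructed-A", "MII-constructed-B", "MII-constructed-C"
    # Constructed revocation list: one entry from a server hashing with MD5,
    # one from a server hashing with SHA256.
    revoked = {
        hashlib.md5(legacy.encode()).hexdigest(),
        hashlib.sha256(current.encode()).hexdigest(),
    }
    for tok in (legacy, current, good):
        print(tok, "revoked" if is_revoked(tok, revoked) else "ok")
    # A SHA256-only lookup would miss the entry published as an MD5 hash.
    print("sha256-only lookup finds legacy entry:", cache_key(legacy) in revoked)
```
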