[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change Ie524125dc5f6f1076bfd47db3a414b178e4dac80

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Fri Mar 14 23:58:58 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/80398

Log:
commit f76a1982b5e8f347e9d00a101d7935b2fe485700
Author: Brant Knudson <bknudson at us.ibm.com>
Date:   Thu Mar 13 15:38:34 2014 -0500

    Allow hash tokens with sha256
    
    Tokens were always hashed with md5. This change allows tokens to
    be hashed with sha256. This is for security hardening.
    
    If the new 'hash_algorithm' configuration option is set to 'sha256'
    then the auth_token middleware will hash tokens using 'sha256'.
    Using this will require that the Keystone server is also configured
    to use sha256 for tokens. The 'hash_algorithm' option defaults to
    'md5' for backwards compatibility.
    
    SecurityImpact
    DocImpact
    Closes-Bug: #1174499
    
    Change-Id: Ie524125dc5f6f1076bfd47db3a414b178e4dac80
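
The commit message above says that switching `hash_algorithm` to sha256 requires the Keystone server to use sha256 as well. The following sketch is an added illustration, not code from python-keystoneclient or from the change under review. It assumes a simplified model in which the server keeps tokens by hashed id and the middleware looks them up by its own hash; `TokenStore`, `middleware_lookup` and `lookup_matrix` are hypothetical names.

```python
import hashlib

# The two algorithms named in the commit message; md5 is the stated default.
SUPPORTED = ("md5", "sha256")


def hash_token(token, hash_algorithm="md5"):
    """Return the hex digest that stands in for the full token."""
    if hash_algorithm not in SUPPORTED:
        raise ValueError("unsupported hash_algorithm: %r" % (hash_algorithm,))
    return hashlib.new(hash_algorithm, token.encode("utf-8")).hexdigest()


class TokenStore:
    """Hypothetical server side: remembers issued tokens by hashed id only."""

    def __init__(self, hash_algorithm="md5"):
        self.hash_algorithm = hash_algorithm
        self.ids = set()

    def issue(self, token):
        self.ids.add(hash_token(token, self.hash_algorithm))


def middleware_lookup(store, token, hash_algorithm="md5"):
    """Hypothetical middleware side: hash locally, then look the id up."""
    return hash_token(token, hash_algorithm) in store.ids


def lookup_matrix(token="constructed-sample-token"):
    """Try every server/middleware pairing; True means the lookup matched."""
    results = {}
    for server_alg in SUPPORTED:
        store = TokenStore(server_alg)
        store.issue(token)
        for mw_alg in SUPPORTED:
            results[(server_alg, mw_alg)] = middleware_lookup(store, token, mw_alg)
    return results


if __name__ == "__main__":
    for (server_alg, mw_alg), found in sorted(lookup_matrix().items()):
        print("server=%-6s middleware=%-6s matched=%s" % (server_alg, mw_alg, found))
```

Only the pairings where both sides use the same algorithm match, so a deployment check should compare the two settings before the option is changed on either side.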
