[Openstack-security] [openstack/keystone] SecurityImpact review request change I676e4235c4a4774f54ffef790a6441982281a612

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Fri Mar 28 00:14:28 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/83629

Log:
commit 6f7e9a635b27670d48452081becba05d4a97ca92
Author: Brant Knudson <bknudson at us.ibm.com>
Date:   Thu Mar 27 19:10:10 2014 -0500

    Configurable token hash algorithm
    
    Tokens were always hashed with md5. This change allows tokens to
    be hashed with sha256 (or any other algorithm supported by the
    keystoneclient token hash function). This is for security
    hardening.
    
    There's a new configuration option 'hash_algorithm' in the [token]
    section. If this is not set then the server's behavior is the
    same as before. If it's set to a hash algorithm (such as 'sha256'),
    then PKI tokens will be hashed using that algorithm. Also, the
    configured hash algorithm is set on the revocation list.
    
    SecurityImpact
    DocImpact
    Closes-Bug: #1174499
    
    Change-Id: I676e4235c4a4774f54ffef790a6441982281a612




