Reviewed: https://review.openstack.org/92499 Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=41b3abd42dbadab536bfd3793211ca001e7ffc8d Submitter: Jenkins Branch: master commit 41b3abd42dbadab536bfd3793211ca001e7ffc8d Author: Brant Knudson <bknudson at us.ibm.com> Date: Tue May 6 19:33:46 2014 -0500 auth_token hashes PKI token once auth_token was hashing the PKI token multiple times. With this change, the token is hashed once. Change-Id: I70d3339d09deb2d3528f141d37138971038f4075 Related-Bug: #1174499 -- You received this bug notification because you are a member of OpenStack Security Group, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1174499 Title: Keystone token hashing is MD5 Status in OpenStack Dashboard (Horizon): New Status in OpenStack Identity (Keystone): Fix Committed Status in OpenStack API documentation site: Confirmed Status in Python client library for Keystone: In Progress Bug description: https://github.com/openstack/python- keystoneclient/blob/master/keystoneclient/common/cms.py def cms_hash_token(token_id): """ return: for ans1_token, returns the hash of the passed in token otherwise, returns what it was passed in. """ if token_id is None: return None if is_ans1_token(token_id): hasher = hashlib.md5() hasher.update(token_id) return hasher.hexdigest() else: return token_id MD5 is a deprecated mechanism, it should be replaces with at least SHA1, if not SHA256. Keystone should be able to support multiple Hash types, and the auth_token middleware should query Keystone to find out which type is in use. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1174499/+subscriptions