[Openstack-security] [openstack/keystone] SecurityImpact review request change Iafe3c975d59818c8f362647f7ea5149a03deee47
gerrit2 at review.openstack.org
Thu Mar 20 00:32:00 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/80401
Log:
commit e52e33216b12d55ad8a553920b741eae6fadef66
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Thu Mar 13 15:50:52 2014 -0500
Configurable token hash algorithm
Tokens were always hashed with md5. This change allows tokens to
be hashed with sha256. This is for security hardening.
If the new 'hash_algorithm' configuration option in the [token]
section is set to 'sha256' then PKI tokens will be hashed using
the sha256 algorithm rather than the md5 algorithm. The
'hash_algorithm' option defaults to 'md5' for backwards
compatibility.
The hash_algorithm is also set on all generated tokens and also
included in the revocation list.
SecurityImpact
DocImpact
Closes-Bug: #1174499
Change-Id: Iafe3c975d59818c8f362647f7ea5149a03deee47
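
The commit message says the hash algorithm is carried in the revocation list. The following is an added example, not code from the patch or from Keystone, showing why a validator has to hash with the algorithm the list declares: a check that assumes md5 silently misses every entry in a sha256 list. The function names, the dictionary layout of the list and the sample tokens are assumptions made for illustration.

```python
import hashlib

# Assumption: only the two algorithms named in the commit message are accepted.
_HASHERS = {"md5": hashlib.md5, "sha256": hashlib.sha256}


def hash_token(token, algorithm="md5"):
    """Return the hex digest that stands in for a long PKI token."""
    try:
        hasher = _HASHERS[algorithm]
    except KeyError:
        raise ValueError("unsupported hash_algorithm: %r" % (algorithm,))
    return hasher(token.encode("utf-8")).hexdigest()


def build_revocation_list(tokens, algorithm):
    """Hypothetical list layout: the algorithm travels with the hashed IDs."""
    return {
        "hash_algorithm": algorithm,
        "revoked": sorted(hash_token(t, algorithm) for t in tokens),
    }


def is_revoked(token, revocation_list, default_algorithm="md5"):
    """Hash with the algorithm the list declares; a list without the field
    is treated as md5, matching the backwards-compatible default."""
    algorithm = revocation_list.get("hash_algorithm", default_algorithm)
    return hash_token(token, algorithm) in set(revocation_list["revoked"])


def is_revoked_assuming_md5(token, revocation_list):
    """Broken validator kept for contrast: ignores the list's own field."""
    return hash_token(token, "md5") in set(revocation_list["revoked"])


# Constructed sample values, not real tokens.
REVOKED_TOKEN = "MIIconstructed-sample-pki-token-A"
VALID_TOKEN = "MIIconstructed-sample-pki-token-B"

if __name__ == "__main__":
    sha256_list = build_revocation_list([REVOKED_TOKEN], "sha256")
    print("declared algorithm:", is_revoked(REVOKED_TOKEN, sha256_list))
    print("assumed md5:       ", is_revoked_assuming_md5(REVOKED_TOKEN, sha256_list))
    print("unrevoked token:   ", is_revoked(VALID_TOKEN, sha256_list))
```

The same mismatch applies in the other direction during a rollout: a service switched to sha256 must still treat a list that lacks the field as md5.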