Morgan Fainberg wrote:
> I’ve been looking over the code for this and it turns out plain old SHA1
> is a bad idea. We recently had a patch land in keystone client and
> keystone to let us configure the hashing algorithm used for token
> revocation list and the short-token ids.
>
> I’ve updated my patch set to use ‘{OBSCURED}%(token)s’ instead of
> specifying a specific obscuring algorithm. This means that if we ever
> update the way we obscure the data in the future, we’re not lying about
> what was done in the log. The proposed approach can be found
> here: https://review.openstack.org/#/c/99432
Looks good!
--
Thierry Carrez (ttx)
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
