Morgan Fainberg wrote: > I’ve been looking over the code for this and it turns out plain old SHA1 > is a bad idea. We recently had a patch land in keystone client and > keystone to let us configure the hashing algorithm used for token > revocation list and the short-token ids. > > I’ve updated my patch set to use ‘{OBSCURED}%(token)s’ instead of > specifying a specific obscuring algorithm. This means that if we ever > update the way we obscure the data in the future, we’re not lying about > what was done in the log. The proposed approach can be found > here: https://review.openstack.org/#/c/99432
Looks good! -- Thierry Carrez (ttx) _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev