Morgan Fainberg wrote:
> I’ve been looking over the code for this and it turns out plain old SHA1
> is a bad idea.  We recently had a patch land in keystone client and
> keystone to let us configure the hashing algorithm used for token
> revocation list and the short-token ids. 
> 
> I’ve updated my patch set to use ‘{OBSCURED}%(token)s’ instead of
> specifying a specific obscuring algorithm. This means that if we ever
> update the way we obscure the data in the future, we’re not lying about
> what was done in the log. The proposed approach can be found
> here: https://review.openstack.org/#/c/99432

Looks good!

-- 
Thierry Carrez (ttx)

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to