On 03/05/2012 03:24 PM, Jan Pokorný wrote:
> On 02/03/12 14:48 +0100, Jan Pokorný wrote:
>> currently, original mod_auth_tkt also supports SHA256 and SHA512,
>> not just plain MD5. Quoting:
>> ----v----
>> The default is MD5, which is faster, but has now been
>> shown to be vulnerable to collision attacks. Such attacks are not
>> directly applicable to mod_auth_tkt, which primarily relies on the
>> security of the shared secret rather than the strength of the
>> hashing scheme. More paranoid users will probably prefer to use one
>> of the SHA digest types, however.
>> The default is likely to change in a future version, so setting the
>> digest type explicitly is encouraged.
>> ----^----
>> I've made a modification to Paste's auth_tkt auth module to allow
>> overriding of default MD5 digest:
> Update (based on Ian's comments): The algorithm can also be specified as
> a string referring to the algorithm known to hashlib (otherwise
> AttributeError will be raised).
> The new version:
> https://bitbucket.org/jnpkrn/paste/changeset/69404df8a13d (branch v2)
> Any more comments or is it ready for pull request?
>> I am CC'ing repoze-dev as repoze.who.plugins.auth_tkt could also
>> benefit from this change (is the change integration-ready?).
Assuming a new release of paste becomes available supporting this
feature, I have no problem extending the r.who plugin to expose it.
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
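
An added illustration, not code from Paste, repoze.who or anyone in this thread: a digest type chosen by its hashlib name for an auth_tkt-style ticket, and what a verifier has to account for when the digest length changes. The ticket layout is an assumption modeled on mod_auth_tkt's two-pass scheme; the function names, secret, IP address and timestamp are constructed.

```python
import hashlib
import hmac
import socket
import struct

def resolve_digest(algo):
    # A string is looked up on hashlib; an unknown name raises AttributeError.
    return getattr(hashlib, algo) if isinstance(algo, str) else algo

def calculate_digest(ip, timestamp, secret, userid, tokens, user_data, algo="md5"):
    # Two-pass keyed digest (layout assumed from mod_auth_tkt, see lead-in).
    h = resolve_digest(algo)
    ip_ts = socket.inet_aton(ip) + struct.pack(">I", timestamp)
    inner = h(ip_ts + secret + userid + b"\0" + tokens + b"\0" + user_data)
    return h(inner.hexdigest().encode("ascii") + secret).hexdigest()

def make_ticket(ip, timestamp, secret, userid, tokens="", user_data="", algo="md5"):
    digest = calculate_digest(ip, timestamp, secret, userid.encode(),
                              tokens.encode(), user_data.encode(), algo)
    return "%s%08x%s!%s!%s" % (digest, timestamp, userid, tokens, user_data)

def verify_ticket(ticket, ip, secret, algo="md5"):
    # The digest prefix length depends on the algorithm (32/64/128 hex chars),
    # so issuer and verifier must be configured with the same digest type.
    dlen = resolve_digest(algo)().digest_size * 2
    try:
        timestamp = int(ticket[dlen:dlen + 8], 16)
        userid, tokens, user_data = ticket[dlen + 8:].split("!", 2)
        expected = calculate_digest(ip, timestamp, secret, userid.encode(),
                                    tokens.encode(), user_data.encode(), algo)
    except (ValueError, struct.error):
        return False  # too short or malformed for this digest type
    # Constant-time comparison of the presented and recomputed digests.
    return hmac.compare_digest(ticket[:dlen].encode(), expected.encode())

# Constructed sample values, not taken from the thread.
SECRET = b"constructed-shared-secret"
IP, TS = "192.0.2.10", 1330957440

if __name__ == "__main__":
    for name in ("md5", "sha256", "sha512"):
        t = make_ticket(IP, TS, SECRET, "alice", "editor", algo=name)
        print(name, len(t), verify_ticket(t, IP, SECRET, name))
```

A ticket issued with one digest type fails verification under another, so the setting has to change on every issuer and verifier that shares the secret at the same time.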