Change proposed for django-openstack-auth :
https://review.openstack.org/#/c/116509/
** Also affects: django-openstack-auth
Importance: Undecided
Status: New
** Changed in: django-openstack-auth
Status: New => In Progress
** Changed in: django-openstack-auth
Assignee: (unassigned) => Brant Knudson (blk-u)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1174499
Title:
Keystone token hashing is MD5
Status in Django OpenStack Auth:
In Progress
Status in OpenStack Dashboard (Horizon):
In Progress
Status in OpenStack Identity (Keystone):
Fix Released
Status in OpenStack API documentation site:
Confirmed
Status in Python client library for Keystone:
Fix Released
Bug description:
https://github.com/openstack/python-
keystoneclient/blob/master/keystoneclient/common/cms.py
def cms_hash_token(token_id):
"""
return: for ans1_token, returns the hash of the passed in token
otherwise, returns what it was passed in.
"""
if token_id is None:
return None
if is_ans1_token(token_id):
hasher = hashlib.md5()
hasher.update(token_id)
return hasher.hexdigest()
else:
return token_id
MD5 is a deprecated mechanism, it should be replaces with at least SHA1, if
not SHA256.
Keystone should be able to support multiple Hash types, and the auth_token
middleware should query Keystone to find out which type is in use.
To manage notifications about this bug go to:
https://bugs.launchpad.net/django-openstack-auth/+bug/1174499/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
