weak digest algorithm for PKI
Bug #1362343 reported by Brant Knudson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Won't Fix | Wishlist | Brant Knudson |
python-keystoneclient | Fix Released | Wishlist | Brant Knudson |
Bug Description
The digest algorithm for PKI tokens is the openssl default of sha1. This is a weak algorithm and some security standards require a stronger algorithm such as sha256. Keystone should make the token digest hash algorithm configurable so that deployments can use a stronger algorithm.
Also, the default could be stronger.
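As an added example (not code from Keystone or python-keystoneclient), the script below sets the CMS signing digest explicitly with `openssl cms -md` and reads back which digest a signed blob actually declares. The key, certificate, payload, function names and the SHA-2-only policy are assumptions made for this illustration.

```bash
# Added example, not Keystone or python-keystoneclient code.
# The key, certificate and payload are throwaway values constructed here.

# Create a throwaway RSA key and self-signed certificate in directory $1.
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# CMS-sign file $2 into DER file $3 with digest $1, using the signer in $4.
# -md sets the digest explicitly instead of relying on the openssl default.
sign_token() {
    openssl cms -sign -md "$1" -binary -nodetach -nocerts -noattr \
        -signer "$4/cert.pem" -inkey "$4/key.pem" \
        -in "$2" -outform DER -out "$3" 2>/dev/null
}

# Print the first digest named in the SignedData digestAlgorithms set of $1.
# In the asn1parse dump the first OBJECT is the content type
# (pkcs7-signedData) and the second OBJECT is that digest algorithm.
token_digest() {
    openssl asn1parse -inform DER -in "$1" |
        awk -F: '/prim: OBJECT/ { if (++n == 2) { print $NF; exit } }'
}

# Assumed policy for this example: accept only SHA-2 digests.
digest_allowed() {
    case "$1" in sha256|sha384|sha512) return 0 ;; *) return 1 ;; esac
}

# Sign one constructed payload with a weak and a strong digest, audit both.
audit_demo() {
    local dir md found
    dir=$(mktemp -d) && make_signer "$dir" || return 1
    printf '{"token": "constructed-sample"}' > "$dir/payload.json"
    for md in sha1 sha256; do
        sign_token "$md" "$dir/payload.json" "$dir/$md.der" "$dir" ||
            { echo "$md: signing refused by local openssl"; continue; }
        found=$(token_digest "$dir/$md.der")
        if digest_allowed "$found"; then echo "$md: $found accepted"
        else echo "$md: $found rejected"; fi
    done
    rm -rf "$dir"
}

audit_demo
```

Some distributions disable SHA-1 signing in their openssl policy, in which case the `sha1` run reports a refusal instead of a rejected digest.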
Changed in keystone:
assignee: nobody → Brant Knudson (blk-u)
Changed in python-keystoneclient:
assignee: nobody → Brant Knudson (blk-u)
tags: added: pki
tags: added: security
Changed in keystone:
importance: Undecided → Wishlist
Changed in python-keystoneclient:
importance: Undecided → Wishlist
Changed in python-keystoneclient:
milestone: none → 0.11.2
Changed in python-keystoneclient:
status: Fix Committed → Fix Released
Fix proposed to branch: master
Review: https://review.openstack.org/117366