blobstore's hashing needs improvement
Bug #1364750 reported by
Andrew Wilkins
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Fix Released
|
High
|
Ian Booth |
Bug Description
blobstore currently does MD5 & SHA-256, which is not any more secure than SHA-256 alone. See: http://
Instead, use SHA-256 or SHA-512 alone. This must be done before we release anything using blobstore, which is about to enter as a dependency into master.
Changed in juju-core: | |
assignee: | nobody → Ian Booth (wallyworld) |
status: | Triaged → In Progress |
Changed in juju-core: | |
status: | In Progress → Fix Committed |
Changed in juju-core: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This is important, but calling it Critical makes other actual Critical things less important. It would be critical if there was an actual security exploit and we needed to drop everything and fix it.