Fernet tokens have redundant creation timestamps
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Medium | Dolph Mathews |
Bug Description
The creation time of a Fernet token is actually encoded into the token twice. One of these should be removed.
In the payload of every Fernet token, we insert the creation time as an integer timestamp. That timestamp gets encrypted along with the rest of the payload.
In addition, the Fernet format itself encodes a timestamp outside the payload. See the 64-bit timestamp in the specification:
https:/
The application-
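To illustrate the redundancy, here is an added example (not part of the bug report and not keystone's code) that reads the creation time straight from the Fernet header and optionally checks the HMAC that covers it. It assumes the layout in the Fernet specification (version byte 0x80, 64-bit big-endian timestamp, 128-bit IV, ciphertext, HMAC-SHA256); the function names, sample key and sample token are constructed for the example.

```python
import base64
import hashlib
import hmac
import struct

VERSION = 0x80
HEADER = struct.Struct(">BQ16s")  # version, 64-bit timestamp, 128-bit IV
MAC_LEN = 32                      # HMAC-SHA256 appended after the ciphertext


def _b64decode(value):
    data = value.encode() if isinstance(value, str) else value
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def fernet_created_at(token, key=None):
    """Return the creation time (Unix seconds) stored in the Fernet header.

    No key is needed to read it. If the urlsafe-base64 32-byte key is given,
    the HMAC is verified first, proving the header timestamp is unaltered.
    """
    raw = _b64decode(token)
    if len(raw) < HEADER.size + MAC_LEN:
        raise ValueError("token too short")
    version, timestamp, _iv = HEADER.unpack_from(raw)
    if version != VERSION:
        raise ValueError("unknown Fernet version")
    if key is not None:
        signing_key = _b64decode(key)[:16]  # first half of the key signs
        expected = hmac.new(signing_key, raw[:-MAC_LEN], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, raw[-MAC_LEN:]):
            raise ValueError("bad HMAC")
    return timestamp


def build_sample_token(key, timestamp):
    """Constructed sample: real framing and HMAC, placeholder ciphertext."""
    signing_key = _b64decode(key)[:16]
    body = HEADER.pack(VERSION, timestamp, b"\x00" * 16) + b"\x11" * 16
    mac = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + mac)


SAMPLE_KEY = base64.urlsafe_b64encode(bytes(range(32)))  # constructed key
SAMPLE_TOKEN = build_sample_token(SAMPLE_KEY, 1425600000)  # constructed time
```

Because the HMAC covers the header, a validator that has checked the signature can trust this timestamp without a second copy inside the encrypted payload.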
Changed in keystone:
assignee: Dolph Mathews (dolph) → Lance Bragstad (lbragstad)
Changed in keystone:
assignee: Lance Bragstad (lbragstad) → Dolph Mathews (dolph)
Changed in keystone:
assignee: Dolph Mathews (dolph) → Jorge Munoz (jorge-munoz)
Changed in keystone:
assignee: Jorge Munoz (jorge-munoz) → Dolph Mathews (dolph)
Changed in keystone:
milestone: none → kilo-3
status: Fix Committed → Fix Released
Changed in keystone:
milestone: kilo-3 → 2015.1.0
https://review.openstack.org/#/c/161897/