
Ticket #1882 (closed defect: duplicate)

Opened 11 years ago

Last modified 11 years ago

Hash algorithms with collision weaknesses

Reported by: kless
Owned by: anonymous
Priority: normal
Milestone: 2.0
Component: Identity
Version: trunk
Severity: major
Keywords: identity hash secure security
Cc:

Description

Attachments

identity.patch (2.1 KB) - added by kless 11 years ago.

Change History

Changed 11 years ago by kless

comment:1 Changed 11 years ago by kless

Sorry! Note that I deleted: from sqlalchemy import ForeignKey

comment:2 Changed 11 years ago by mramm

  • Priority changed from high to normal
  • Milestone changed from 2.0-preview-1 to 2.0-preview-2

These weaknesses do indicate that it might be good to move, but there's no known exploit via these weaknesses for password hash usage.

We should do this in preview 2, when we move to a unique salt per password, so that there's only one password hashing change.

comment:3 Changed 11 years ago by mramm

  • Summary changed from Identity - Hash algorithms with collision weaknesses to tg.ext.repoze.who - Hash algorithms with collision weaknesses

comment:4 Changed 11 years ago by mramm

  • Milestone changed from 2.0-preview-2 to 2.0-preview-3

comment:5 Changed 11 years ago by mramm

  • Milestone changed from 2.0-preview-3 to 2.0

Unfortunately, for Python 2.4 support we would need to provide C binaries of hashlib, and these are not easily available for all platforms. Once that happens, or once we drop 2.4 support, we should reconsider this ticket.

comment:6 Changed 11 years ago by Gustavo

  • Status changed from new to closed
  • Resolution set to duplicate
  • Summary changed from tg.ext.repoze.who - Hash algorithms with collision weaknesses to Hash algorithms with collision weaknesses

This is the same as #1824
