Any reason to not use SHA256 (or newer) for Signer / TimeStampSigner classess?
78 views
Skip to first unread message
Cristiano Coelho
unread,
May 8, 2018, 6:44:05 PM5/8/18
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Django developers (Contributions to Django itself)
Looks like the Signer class (and perhaps other parts of the code) still use SHA1 ([1] and [2]) for the HMAC signing/hashing process.
I'm wondering if there's any specific reason to use SHA1 over newer versions, or if it would be worth it to pass the hash algorithm as a variable or even config option.
Backwards compatibility is the main consideration.
Cristiano Coelho
unread,
May 9, 2018, 7:31:43 PM5/9/18
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Django developers (Contributions to Django itself)
Right, that backwards compatibility issue seems quite difficult to solve, although if the worst thing to happen is that all users are logged out, it shouldn't be that bad. Will read the ticket in detail.
Florian Apolloner
unread,
May 10, 2018, 11:38:41 AM5/10/18
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Django developers (Contributions to Django itself)
On Thursday, May 10, 2018 at 1:31:43 AM UTC+2, Cristiano Coelho wrote:
Right, that backwards compatibility issue seems quite difficult to solve, although if the worst thing to happen is that all users are logged out, it shouldn't be that bad. Will read the ticket in detail.
That is not the worst thing; it will invalidate __anything__ relying on signing. And even "just" log outs are a major issue for bigger sites.