Re: [Django] #37078: Change default algorithm of salted_hmac() from SHA-1 to SHA-256 (was: salted_hmac() defaults to SHA-1 algorithm despite SHA-256 being preferred everywhere else)


Django

9:51 AM (12 hours ago)
to django-...@googlegroups.com
#37078: Change default algorithm of salted_hmac() from SHA-1 to SHA-256
--------------------------------------+------------------------------------
Reporter: Denny Biasiolli | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Utilities | Version: dev
Severity: Normal | Resolution:
Keywords: security, crypto | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Jacob Walls):

* stage: Unreviewed => Accepted
* summary:
salted_hmac() defaults to SHA-1 algorithm despite SHA-256 being
preferred everywhere else
=> Change default algorithm of salted_hmac() from SHA-1 to SHA-256
* version: => dev

Comment:

Makes good sense -- I agree we should go through a deprecation here.

[https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm NIST advising all uses of SHA-1 to be replaced by 2030.]
--
Ticket URL: <https://code.djangoproject.com/ticket/37078#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.