  1. mod_python
  2. MODPYTHON-254

Signed Cookies should use a salt and not rely on md5.


    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.3.1
    • Fix Version/s: None
    • Component/s: core
    • Labels:
      None

      Description

      Cookies should generate a random salt when signing so that cookies are not vulnerable to dictionary attacks. Also cookies use default hmac, which in turn defaults to MD5 signatures. We should probably move on to SHA given how weak MD5 has been shown to be.


            People

            • Assignee:
              Unassigned
              Reporter:
              grisha Gregory Trubetskoy

              Dates

              • Created:
                Updated:
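One way to do what the description asks, as an added example that is not mod_python's code and not part of the original issue: each cookie gets a fresh random salt, and the HMAC names SHA-256 explicitly instead of relying on the hmac module's default digest. The `salt.signature.value` layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16          # assumed salt size for this example
DIGEST = hashlib.sha256  # explicit digest; never rely on hmac's default


def _mac(secret: bytes, salt: bytes, name: str, value: str) -> str:
    # Length-prefix every field so salt/name/value boundaries cannot be shifted.
    parts = (salt, name.encode("utf-8"), value.encode("utf-8"))
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(secret, msg, DIGEST).hexdigest()


def sign_cookie(secret: bytes, name: str, value: str) -> str:
    """Return 'salt.signature.value' (hypothetical layout) with a fresh salt."""
    salt = secrets.token_bytes(SALT_BYTES)
    return f"{salt.hex()}.{_mac(secret, salt, name, value)}.{value}"


def verify_cookie(secret: bytes, name: str, cookie: str):
    """Return the original value, or None if the cookie is malformed or forged."""
    try:
        salt_hex, sig, value = cookie.split(".", 2)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return None
    if len(salt) != SALT_BYTES:
        return None
    expected = _mac(secret, salt, name, value)
    # Constant-time comparison; compare as bytes so odd input cannot raise.
    if not hmac.compare_digest(expected.encode(), sig.encode("utf-8")):
        return None
    return value


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed sample secret
    c = sign_cookie(key, "session", "user=alice")
    print(c)
    print(verify_cookie(key, "session", c))  # value comes back unchanged
    print(verify_cookie(key, "session", c[:-1] + "x"))  # tampered value is rejected
```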