Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/net/xsrftoken: move away from SHA-1 #19489

Open
ghost opened this issue Mar 10, 2017 · 2 comments
Open

x/net/xsrftoken: move away from SHA-1 #19489

ghost opened this issue Mar 10, 2017 · 2 comments
Labels
NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Unreleased

Comments

@ghost
Copy link

ghost commented Mar 10, 2017

SHA-1 is not considered secure any more.
@ALTree ALTree added the NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. label Mar 10, 2017
@ALTree ALTree added this to the Unreleased milestone Mar 10, 2017
@bradfitz
Copy link
Contributor

HMAC-SHA1 is still considered safe, FWIW.

It's fine to change it, though, as long as we're not aiming for compatibility with any other xsrftoken package in another language. In that case I would wait and coordinate any change.

@rsc
Copy link
Contributor

rsc commented Jun 5, 2017

What Brad said.

@rsc rsc added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. labels Jun 5, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@bradfitz @rsc @ALTree