Move most remaining sha1() calls to HMAC
Summary:
- For context, see T547. This is the last (maybe?) in a series of diffs that
moves us off raw sha1() calls in order to make it easier to audit the codebase
for correct use of hash functions.
- This breaks CSRF tokens. Any open forms will generate an error when
submitted, so maybe upgrade off-peak.
- We now generate HMAC mail keys but accept MAC or HMAC. In a few months, we
can remove the MAC version.
- The only remaining callsite is Conduit. We can't use HMAC since Arcanist
would need to know the key. {T550} provides a better solution to this, anyway.
Test Plan:
- Verified CSRF tokens generate properly.
- Manually changed CSRF to an incorrect value and got an error.
- Verified mail generates with a new mail hash.
- Verified Phabricator accepts both old and new mail hashes.
- Verified Phabricator rejects bad mail hashes.
- Checked user log, things look OK.
Reviewers: btrahan, jungejason, benmathews
Reviewed By: btrahan
CC: aran, epriestley, btrahan
Maniphest Tasks: T547
Differential Revision: 1237
@@ -58,7 +58,7 @@ of 7-character hashes:
|
||||
|
||||
Because 7-character hashes are likely to collide for even moderately large
|
||||
repositories, Diffusion generally uses either a 16-character prefix (which makes
|
||||
collisions very unlikely) or the full 40-character SHA1 (which makes collisions
|
||||
collisions very unlikely) or the full 40-character hash (which makes collisions
|
||||
astronomically unlikely).
|
||||
|
||||
= Adding Repositories =
|
||||
|
||||
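Review bot: The replacement line "collisions very unlikely) or the full 40-character hash (which makes collisions" drops "SHA1" from a documentation sentence about repository hashes, which is not one of the sha1() call sites the summary says this change is migrating. The 40-character length is specific to a hex SHA-1 digest, so the new wording loses the reason for that number without helping the hash-function audit. Consider keeping "SHA1" here, or moving this wording change into a separate documentation-only revision so the security-relevant diff stays easy to review.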