Suggested by Florian Apolloner:

> If you are changing the algorithm, I'd probably switch over to blake2, especially because you can choose the size of your output with the `digest_size` argument.

While there's no version number in tokens, since the token format is `<URL-safe Base64 encoded data>:<signature>`, it's possible to add a version number in the payload, using a URL-safe character outside of the URL-safe Base64 alphabet as a delimiter. If this character is present in the payload, then it's the new version. If not, it's the old version. RFC 2396 says our options are `"." | "!" | "~" | "*" | "'" | "(" | ")"` (since `"-" | "_"` are already taken).

Per the Cryptographic Doom Principle, the version number should be in the payload, so it's included in the signature. Something like `<URL-safe Base64 encoded data>:<version>:<signature>` would be a bad idea.
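A worked example of the versioning scheme described above, added here as illustration; it is not code from the project or from Florian's suggestion. The demo key, the choice of `!` as the delimiter, HMAC-SHA256 as the algorithm for unversioned (v1) tokens, and a 20-byte keyed BLAKE2b digest for v2 are all assumptions made for this example. The point it demonstrates is that the version marker sits inside the signed payload, so rewriting or stripping it (a downgrade attempt) invalidates the signature:

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed demo key (not the project's); derive a real one from the app secret.
KEY = b"demo-secret-key-not-for-production"

# "!" is in RFC 2396's "mark" set and never appears in URL-safe Base64 output,
# so its presence in the payload unambiguously marks a versioned token.
VERSION_DELIM = "!"
CURRENT_VERSION = 2


def _b64encode(data: bytes) -> str:
    # Unpadded URL-safe Base64, as token formats of this shape usually use.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: str, version: int) -> str:
    """Signature over the *entire* payload, version marker included."""
    msg = payload.encode("ascii")
    if version == 1:
        # Assumed legacy algorithm for unversioned tokens: HMAC-SHA256.
        mac = hmac.new(KEY, msg, hashlib.sha256).digest()
    elif version == 2:
        # Assumed new algorithm: keyed BLAKE2b with a caller-chosen digest size.
        mac = hashlib.blake2b(msg, key=KEY, digest_size=20).digest()
    else:
        raise ValueError(f"unknown token version {version}")
    return _b64encode(mac)


def make_token(data: bytes, version: int = CURRENT_VERSION) -> str:
    """Build <b64 data>[!<version>]:<signature>; v1 tokens carry no marker."""
    payload = _b64encode(data)
    if version > 1:
        payload = f"{payload}{VERSION_DELIM}{version}"
    return f"{payload}:{_sign(payload, version)}"


def parse_token(token: str) -> Optional[bytes]:
    """Return the signed data, or None if the token is malformed or forged."""
    payload, sep, sig = token.partition(":")
    if not sep or not payload or not sig:
        return None
    b64data, delim, ver = payload.partition(VERSION_DELIM)
    if not delim:
        version = 1                      # no marker: old token format
    elif ver.isascii() and ver.isdigit():
        version = int(ver)               # marker present: versioned format
    else:
        return None
    try:
        expected = _sign(payload, version)
    except ValueError:
        return None                      # version we do not know how to verify
    # The version is read only to select the algorithm; nothing else is trusted
    # until the signature over the whole payload (marker included) checks out.
    if not hmac.compare_digest(expected, sig):
        return None
    try:
        return _b64decode(b64data)
    except ValueError:
        return None


if __name__ == "__main__":
    tok = make_token(b"user:42")
    print(tok)
    print(parse_token(tok))
    # Downgrade attempt: rewrite the marker to point at the v1 algorithm.
    print(parse_token(tok.replace("!2:", "!1:")))
```

Because the marker is covered by the signature, a verifier never has to trust an unsigned field to decide which algorithm to run; with the rejected `<data>:<version>:<signature>` layout the version would be outside the signed bytes and could be rewritten freely.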