Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: we are slicing keys and losing entropy. #2778

Closed

Conversation

@tyrantkhan
Copy link
Contributor

commented Aug 10, 2019

This resulted from a conversation with @jmcardon, we determined,
that we do not want to slice the key.

Reference: https://gitter.im/http4s/http4s?at=5d34da17e2d1aa6688e6cce4

tyrantkhan added 2 commits Aug 10, 2019
fix: we are slicing keys and losing entropy.
This resulted from a conversation with @jmcardon, we determined,
that we do not want to slice the key.

Reference: https://gitter.im/http4s/http4s?at=5d34da17e2d1aa6688e6cce4

@tyrantkhan tyrantkhan closed this Aug 10, 2019

@tyrantkhan tyrantkhan reopened this Aug 10, 2019

@rossabaker
Copy link
Member

left a comment

👍

@@ -446,7 +446,6 @@ object CSRF {
///

val SigningAlgo: String = "HmacSHA1"
val SHA1ByteLen: Int = 20

This comment has been minimized.

Copy link
@rossabaker

rossabaker Aug 11, 2019

Member

If we deprecate this value, we could release this as a fix on series/0.20.

This comment has been minimized.

Copy link
@tyrantkhan

tyrantkhan Aug 11, 2019

Author Contributor

I think we should (deprecate it). Do I need to do anything on my side to do that?

This comment has been minimized.

Copy link
@rossabaker

rossabaker Aug 12, 2019

Member

I just went ahead and did it, because it's easier than taking a reviewed PR and moving it to a different base. But deprecating a value looks like this.

rossabaker added a commit that referenced this pull request Aug 12, 2019
Backport #2778: fix: we are slicing keys and losing entropy.
This resulted from a conversation with @jmcardon, we determined,
that we do not want to slice the key.

Reference: https://gitter.im/http4s/http4s?at=5d34da17e2d1aa6688e6cce4
@rossabaker

This comment has been minimized.

Copy link
Member

commented Aug 12, 2019

Cherry-picked as 579c9a6, and will be in the next 0.20 release.

@rossabaker rossabaker closed this Aug 12, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.