In order to mitigate a change/revert to the default digest method from/back to sha1, fallback signers were implemented and sha512 was left as a default fallback signer. This default fallback was always intended as temporary. Remove it and make the default fallback signers empty.
Note that the security of the hash alone doesn't apply when used intermediately in HMAC. SHA-1, and even MD5, is still secure when used in HMAC. The change to SHA-512 was done for optics at the time, but caused backwards compatibility issues and greatly increased the size of the signed values. If a project is concerned beyond this, it is possible to configure the digest method however they want, as well as include fallback signers to upgrade old tokens.
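An added illustration, not code from the project: a minimal HMAC signer built on the Python standard library, showing how an explicit fallback digest list lets tokens signed under an old digest still verify and then be re-signed under the current one, and how much longer a SHA-512 signature is than a SHA-1 one. The `value.signature` token layout, the function names and the key are assumptions made for the example; key derivation and timestamps are left out.

```python
import base64
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def sign(key, value, digest):
    """Return value + b"." + base64url(HMAC(key, value)) (assumed layout)."""
    return value + b"." + _b64(hmac.new(key, value, digest).digest())

def unsign(key, token, digest, fallbacks=()):
    """Check the primary digest first, then each fallback digest.

    Returns (value, needs_upgrade); raises ValueError if nothing matches.
    """
    value, sep, sig = token.rpartition(b".")
    if not sep:
        raise ValueError("token has no signature")
    for position, candidate in enumerate((digest, *fallbacks)):
        expected = _b64(hmac.new(key, value, candidate).digest())
        if hmac.compare_digest(expected, sig):  # constant-time comparison
            return value, position > 0
    raise ValueError("signature does not match any configured digest")

def upgrade(key, token, digest, fallbacks=()):
    """Re-sign a token that verified only through a fallback digest."""
    value, needs_upgrade = unsign(key, token, digest, fallbacks)
    return sign(key, value, digest) if needs_upgrade else token

def signature_length(token):
    """Length in characters of the encoded signature part."""
    return len(token.rpartition(b".")[2])

# Constructed sample: a token issued while SHA-512 was the digest.
OLD_TOKEN = sign(KEY, b"user=42", hashlib.sha512)

if __name__ == "__main__":
    # Current digest is SHA-1; SHA-512 is listed explicitly as a fallback.
    new_token = upgrade(KEY, OLD_TOKEN, hashlib.sha1, [hashlib.sha512])
    print(signature_length(OLD_TOKEN), "->", signature_length(new_token))
    try:
        unsign(KEY, OLD_TOKEN, hashlib.sha1)  # empty fallback list
    except ValueError as exc:
        print("rejected without fallback:", exc)
```

With an empty fallback list, a token signed under a previous digest no longer verifies, so a deployment that changes its digest has to list the old one until outstanding tokens expire or have been re-signed.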