keystone

History

Dave Wilde (d34dh0r53) 7859ed2600 Force algo specific maximum length Two of the algorithms that we use for password hashing silently length limit the size of the password that is hashed giving the user a false sense of security [0], [1]. This patch adds a check in the verify_length_and_trunc_password function for the hash in use and updates the max_length accordingly, this will override the configured value and log a warning if the password is truncated. Closes-bug: #1901891 Change-Id: I8d0bb2438b23227b5a66b94af6f8e198084fcd8d	2022-03-04 10:28:39 -06:00
..
notes	Force algo specific maximum length	2022-03-04 10:28:39 -06:00
source	Update master for stable/xena	2021-09-17 15:54:38 +00:00

Dave Wilde (d34dh0r53) 7859ed2600 Force algo specific maximum length

Two of the algorithms that we use for password hashing silently
length limit the size of the password that is hashed giving the
user a false sense of security [0], [1].  This patch adds a check
in the verify_length_and_trunc_password function for the hash in
use and updates the max_length accordingly, this will override
the configured value and log a warning if the password is truncated.

Closes-bug: #1901891
Change-Id: I8d0bb2438b23227b5a66b94af6f8e198084fcd8d

2022-03-04 10:28:39 -06:00

notes

Force algo specific maximum length

2022-03-04 10:28:39 -06:00

source

Update master for stable/xena

2021-09-17 15:54:38 +00:00