We use sha1 for generating our csrf token. Switch to hmac sha1 for protection against length extension attacks and to reduce possible collisions.

Oguz Bektas (1):
  pve-access-control: use hmac_sha1 instead of sha1 for csrf token

 PVE/AccessControl.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

  common: use hmac_sha1 instead of sha1 for csrf token

 src/PVE/Ticket.pm | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

-- 
2.11.0
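
An added illustration of the change this cover letter describes, not code from the patch series: a CSRF token built with an unkeyed SHA-1 over the secret and the data, next to the same token built with HMAC-SHA1, plus a verifier for the HMAC form. The `timestamp:digest` layout, the secret, the user name and the two-hour lifetime are assumptions made for the example; `sha1_base64` and `hmac_sha1_base64` are the functions exported by Perl's Digest::SHA.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha1_base64 hmac_sha1_base64);

# Constructed sample values (assumptions, not taken from the project).
my $secret = 'constructed-demo-secret';
my $user   = 'alice@pam';
my $maxage = 7200;    # hypothetical token lifetime in seconds

# Before: unkeyed SHA-1 over the secret and the data joined into one string.
sub token_sha1 {
    my ($ts, $username) = @_;
    return "$ts:" . sha1_base64($secret, "$ts:$username");
}

# After: HMAC-SHA1; the secret is the MAC key and never part of the message.
sub token_hmac {
    my ($ts, $username) = @_;
    return "$ts:" . hmac_sha1_base64("$ts:$username", $secret);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Verify: check the shape, recompute the MAC for the claimed timestamp and
# user, then reject tokens from the future or older than the lifetime.
sub verify_hmac {
    my ($token, $username, $now) = @_;
    my ($ts) = $token =~ /^([0-9A-F]{8}):[A-Za-z0-9+\/]{27}$/ or return 0;
    return 0 if !ct_eq($token, token_hmac($ts, $username));
    my $age = $now - hex($ts);
    return ($age >= 0 && $age <= $maxage) ? 1 : 0;
}

my $now = time();
my $ts  = sprintf("%08X", $now);
my $tok = token_hmac($ts, $user);
print "sha1 token: ", token_sha1($ts, $user), "\n";
print "hmac token: $tok\n";
printf "valid:      %d\n", verify_hmac($tok, $user, $now);
printf "other user: %d\n", verify_hmac($tok, 'bob@pam', $now);
printf "expired:    %d\n", verify_hmac($tok, $user, $now + $maxage + 1);
```

Both digests have the same length, so a verifier that is switched to HMAC rejects tokens issued before the switch; clients have to fetch a fresh token.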