[gnome-keysign: 1/65] util: switch hmac digest to sha256

From: Gitlab System User <gitlab src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-keysign: 1/65] util: switch hmac digest to sha256
Date: Tue, 3 Oct 2017 11:36:59 +0000 (UTC)

commit 798209685f2842086420d65aa2d6d017294c19d8
Author: RyuzakiKK <aasonykk gmail com>
Date:   Mon Aug 14 13:04:50 2017 +0200

    util: switch hmac digest to sha256
    
    This change has been made because the default MD5 is vulnerable and also
    because from Python 3.4, MD5 as implicit default digest for digestmod,
    is deprecated.

 keysign/util.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/keysign/util.py b/keysign/util.py
index e80a8ce..eae2ea4 100644
--- a/keysign/util.py
+++ b/keysign/util.py
@@ -16,6 +16,7 @@
 #    You should have received a copy of the GNU General Public License
 #    along with GNOME Keysign.  If not, see <http://www.gnu.org/licenses/>.
 
+import hashlib
 import hmac
 import logging
 from subprocess import call
@@ -29,9 +30,11 @@ log = logging.getLogger(__name__)
 
 
 def mac_generate(key, data):
-    mac = hmac.new(key, data).hexdigest().upper()
+    mac = hmac.new(key, data, hashlib.sha256).hexdigest().upper()
     log.info("MAC of %r is %r", data[:20], mac[:20])
-    return mac
+    # Arbitrary truncation to avoid a QR code size increase
+    return mac[:20]
+
 
 def mac_verify(key, data, mac):
     computed_mac = mac_generate(key, data)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]