Posted to commits@roller.apache.org by mb...@apache.org on 2021/09/13 02:12:11 UTC
[roller] 01/10: RememberMeService should use a better hash function.
This is an automated email from the ASF dual-hosted git repository.
mbien pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git
commit 2d5bc971cab183df5ee0d1b1ffecc3946a1e9f2c
Author: Michael Bien <mb...@gmail.com>
AuthorDate: Sun Aug 22 03:44:19 2021 +0200
RememberMeService should use a better hash function.
---
.../weblogger/ui/core/security/RollerRememberMeServices.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
index af1afc2..2566a43 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/core/security/RollerRememberMeServices.java
@@ -31,8 +31,8 @@ import java.security.NoSuchAlgorithmException;
public class RollerRememberMeServices extends TokenBasedRememberMeServices {
- private static final Log log = LogFactory.getLog(RollerRememberMeServices.class);
+ private static final Log log = LogFactory.getLog(RollerRememberMeServices.class);
public RollerRememberMeServices(UserDetailsService userDetailsService) {
@@ -51,7 +51,7 @@ public class RollerRememberMeServices extends TokenBasedRememberMeServices {
/**
* Calculates the digital signature to be put in the cookie. Default value is
- * MD5 ("username:tokenExpiryTime:password:key")
+ * SHA-512 ("username:tokenExpiryTime:password:key")
*
* If LDAP is enabled then a configurable dummy password is used in the calculation.
*/
@@ -70,9 +70,9 @@ public class RollerRememberMeServices extends TokenBasedRememberMeServices {
String data = username + ":" + tokenExpiryTime + ":" + password + ":" + getKey();
MessageDigest digest;
try {
- digest = MessageDigest.getInstance("MD5");
+ digest = MessageDigest.getInstance("SHA-512");
} catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException("No MD5 algorithm available!");
+ throw new IllegalStateException("Required by Spec.", e);
}
return new String(Hex.encode(digest.digest(data.getBytes())));
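Review bot: `data.getBytes()` on the last line of this hunk encodes the signed string with the platform default charset, so the remember-me signature for a non-ASCII username can differ between JVMs with different defaults; `data.getBytes(StandardCharsets.UTF_8)` would pin the digest input (the `java.nio.charset.StandardCharsets` import belongs in the import block, which is outside the hunk). The new message `"Required by Spec."` no longer names the algorithm, and as far as I know SHA-512 is not among the MessageDigest algorithms every Java platform is required to provide, so `throw new IllegalStateException("SHA-512 MessageDigest not available", e);` would be more accurate while keeping the cause. As a follow-up worth considering, a keyed MAC such as `Mac.getInstance("HmacSHA512")` keyed with `getKey()` is the usual construction for a cookie signature, rather than a bare digest over a string that embeds the key. The enclosing method starts above the hunk, so the LDAP dummy-password branch described in the Javadoc is not visible here.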