You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by GitBox <gi...@apache.org> on 2021/01/24 08:49:11 UTC

[GitHub] [myfaces] bohmber opened a new pull request #159: MYFACES-4376

bohmber opened a new pull request #159:
URL: https://github.com/apache/myfaces/pull/159


   Update Cryptographic algorithm in StateUtils to a stronger version
   
   (cherry picked from commit 65a0043c5a89b4375496aa295407d8956512e711)


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [myfaces] bohmber merged pull request #159: MYFACES-4376

Posted by GitBox <gi...@apache.org>.

bohmber merged pull request #159:
URL: https://github.com/apache/myfaces/pull/159


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [myfaces] volosied commented on pull request #159: MYFACES-4376

Posted by GitBox <gi...@apache.org>.

volosied commented on pull request #159:
URL: https://github.com/apache/myfaces/pull/159#issuecomment-766374486


   Sorry I didn't see your comment from the master PR. 
   
   From what I read, we definitely should upgrade DES.  
   
   As for HmacSHA256, I don't see any harm in updating. I  found some articles about collisions with SHA1, and SHA256 seems to be generally more preferred.   I'm curious about performance, but users of MyFaces always have the option to change these algorithms if they so choose.   
   
   +1 from me. 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [myfaces] volosied commented on pull request #159: MYFACES-4376

Posted by GitBox <gi...@apache.org>.

volosied commented on pull request #159:
URL: https://github.com/apache/myfaces/pull/159#issuecomment-766374486


   Sorry I didn't see your comment from the master PR. 
   
   From what I read, we definitely should upgrade DES.  
   
   As for HmacSHA256, I don't see any harm in updating. I  found some articles about collisions with SHA1, and SHA256 seems to be generally more preferred.   I'm curious about performance, but users of MyFaces always have the option to change these algorithms if they so choose.   
   
   +1 from me. 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [myfaces] tandraschko commented on pull request #159: MYFACES-4376

Posted by GitBox <gi...@apache.org>.

tandraschko commented on pull request #159:
URL: https://github.com/apache/myfaces/pull/159#issuecomment-766320930


   If we do it for 3.0, then please apply it for 23next too


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [myfaces] bohmber merged pull request #159: MYFACES-4376

Posted by GitBox <gi...@apache.org>.

bohmber merged pull request #159:
URL: https://github.com/apache/myfaces/pull/159


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org