Skip Menu |

This queue is for tickets about the Apache2-AuthCookieDBI CPAN distribution.

Report information
The Basics
Id: 79333
Status: resolved
Estimated: 1 hour (60 min)
Worked: 2 hours (120 min)
Priority: 0/
Queue: Apache2-AuthCookieDBI
People
Owner: matisse [...] spamcop.net
Requestors: ccolumbu [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: Wishlist
Broken in: 2.16
Fixed in: 2.17

History Show all quoted text
  Fri Aug 31 17:16:50 2012 ccolumbu [...] gmail.com - Ticket created
Subject: Add sha256_base64() to password encryption methods
I would like to add sha256_base64() as a password encryption method. I have attached a proposed version of the file and here is the diff: 48d47 < use Digest::SHA qw( sha256_base64 ); 430c429 < be 'none', 'crypt', 'md5', or 'sha256'. This is not required and defaults to 'none'. --- Show quoted text
> be 'none', 'crypt', or 'md5'. This is not required and defaults to
'none'. 514d512 < 'sha256' => sub { return sha256_base64($password) eq $crypted_password; }, 1146c1144 < passwords you need to allow 13 characters. If you're using sha256_base64() you need to allow for 44 characters. --- Show quoted text
> passwords you need to allow 13 characters.
Subject: AuthCookieDBI_sha.pm

Message body is not shown because it is too large.

  Sun Sep 09 12:04:52 2012 matisse [...] spamcop.net - Taken
  Sun Sep 09 12:05:09 2012 matisse [...] spamcop.net - TimeEstimated changed from (no value) to '60'
  Sun Sep 09 12:05:09 2012 matisse [...] spamcop.net - Status changed from 'new' to 'open'
  Tue Nov 20 14:41:23 2012 matisse [...] spamcop.net - Correspondence added
Because Digest::SHA does not properly pad base64 digests I'm going to implement sha256_hex instead of sha256_base64. See: http://search.cpan.org/~mshelor/Digest-SHA-5.73/lib/Digest/SHA.pm#PADDING_OF_BASE64_DIGESTS
  Tue Nov 20 15:14:31 2012 matisse [...] spamcop.net - TimeWorked changed from (no value) to '120'
  Tue Nov 20 15:14:31 2012 matisse [...] spamcop.net - Status changed from 'open' to 'patched'
  Tue Nov 20 15:18:39 2012 ccolumbu [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #79333] Add sha256_base64() to password encryption methods
Date: Tue, 20 Nov 2012 12:18:20 -0800
To: bug-Apache2-AuthCookieDBI [...] rt.cpan.org
From: Chad <ccolumbu [...] gmail.com>
Yea, I knew about the padding issue. I don't care which you use, as long as it is based on sha256 (or higher). Hex is fine with me :) ^C On 11/20/2012 11:41 AM, Matisse Enzer via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=79333 > > > Because Digest::SHA does not properly pad base64 digests I'm going to implement sha256_hex instead of > sha256_base64. > > See: > > http://search.cpan.org/~mshelor/Digest-SHA-5.73/lib/Digest/SHA.pm#PADDING_OF_BASE64_DIGESTS >
  Tue Nov 20 15:18:39 2012 The RT System itself - Status changed from 'patched' to 'open'
  Tue Nov 20 16:34:22 2012 matisse [...] spamcop.net - Status changed from 'open' to 'patched'
  Thu Dec 06 10:43:20 2012 matisse [...] spamcop.net - Status changed from 'patched' to 'resolved'
  Thu Dec 06 10:43:20 2012 matisse [...] spamcop.net - Fixed in 2.17 added