Never allow use of MD2 (sasl.scram)
This commit is contained in:
jesopo
parent
ac958384fe
commit
460d56eb74
1 changed files with 2 additions and 1 deletions
|
|
@ -3,8 +3,9 @@ import base64, enum, hashlib, hmac, os, typing
|
|||
# IANA Hash Function Textual Names
|
||||
# https://tools.ietf.org/html/rfc5802#section-4
|
||||
# https://www.iana.org/assignments/hash-function-text-names/
|
||||
# MD2 has been removed as it's unacceptably weak
|
||||
ALGORITHMS = [
|
||||
"MD2", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]
|
||||
"MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]
|
||||
|
||||
def _scram_nonce() -> bytes:
|
||||
return base64.b64encode(os.urandom(32))
|
||||
|
|
|
|||
Loading…
Reference in a new issue