From 460d56eb74828cde6015e5e10e4dcf1cbc5ad781 Mon Sep 17 00:00:00 2001
From: jesopo <github@lolnerd.net>
Date: Tue, 12 Feb 2019 23:52:09 +0000
Subject: [PATCH] Never allow use of MD2 (sasl.scram)

---
 modules/sasl/scram.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/sasl/scram.py b/modules/sasl/scram.py
index 565f97e7..80c6cbad 100644
--- a/modules/sasl/scram.py
+++ b/modules/sasl/scram.py
@@ -3,8 +3,9 @@ import base64, enum, hashlib, hmac, os, typing
 # IANA Hash Function Textual Names
 # https://tools.ietf.org/html/rfc5802#section-4
 # https://www.iana.org/assignments/hash-function-text-names/
+# MD2 has been removed as it's unacceptably weak
 ALGORITHMS = [
-    "MD2", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]
+    "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]
 
 def _scram_nonce() -> bytes:
     return base64.b64encode(os.urandom(32))