Never allow use of MD2 (sasl.scram)

jesopo 2019-02-12 23:52:09 +00:00
parent ac958384fe
commit 460d56eb74


@ -3,8 +3,9 @@ import base64, enum, hashlib, hmac, os, typing
# IANA Hash Function Textual Names # IANA Hash Function Textual Names
# https://tools.ietf.org/html/rfc5802#section-4 # https://tools.ietf.org/html/rfc5802#section-4
# https://www.iana.org/assignments/hash-function-text-names/ # https://www.iana.org/assignments/hash-function-text-names/
# MD2 has been removed as it's unacceptably weak
ALGORITHMS = [ ALGORITHMS = [
"MD2", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"] "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"]
def _scram_nonce() -> bytes: def _scram_nonce() -> bytes:
return base64.b64encode(os.urandom(32)) return base64.b64encode(os.urandom(32))
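Review bot: `ALGORITHMS` still lists `"MD5"` and `"SHA-1"` after this change, and the new comment explains only why MD2 was dropped, so a reader cannot tell whether keeping the remaining weak entries is deliberate. The code that chooses a mechanism from what the server advertises is outside this hunk. If it accepts any name in this list without a strength preference, the weakest advertised hash can end up being negotiated, so that ordering is worth confirming. If compatibility is the reason for keeping them, I would say so next to the list, e.g. `# MD5 and SHA-1 are kept only for servers that offer nothing stronger; selection must prefer the strongest advertised hash`. As a style point, `ALGORITHMS` could be a tuple so the allow-list cannot be mutated at runtime.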