Obsolete check-identity-04
The [token]/hash_algorithm config option has been deprecated since mitaka[1].
To avoid renumbering, update check-identity-04 to '(Obsolete)'. This keeps numbering compatibility for people using previous version of the checklist.

[1]: https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka

Change-Id: I587617f29141a244ca7983300ff4fcebed4255f5
parent b0e696774c
commit f493bb8c50
|
@ -83,21 +83,9 @@ you should enable TLS on the HTTP/WSGI server.
|
|||
|
||||
Recommended in: :doc:`../secure-communication`.
|
||||
|
||||
Check-Identity-04: Does Identity use strong hashing algorithms for PKI tokens?
|
||||
Check-Identity-04: (Obsolete)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
MD5 is a weak and depreciated hashing algorithm. It can be cracked using
|
||||
brute force attack. Identity tokens are sensitive and need to be
|
||||
protected with a stronger hashing algorithm to prevent unauthorized
|
||||
disclosure and subsequent access.
|
||||
|
||||
**Pass:** If value of parameter ``hash_algorithm`` under ``[token]``
|
||||
section in ``/etc/keystone/keystone.conf`` is set to SHA256.
|
||||
|
||||
**Fail:** If value of parameter ``hash_algorithm`` under
|
||||
``[token]``\ section is set to MD5.
|
||||
|
||||
Recommended in: :doc:`tokens`.
|
||||
|
||||
Check-Identity-05: Is ``max_request_body_size`` set to default (114688)?
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
|
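Review bot: The new `Check-Identity-04: (Obsolete)` heading is left with no body, so a reader of the checklist sees an empty entry and has to go to the commit log to learn why. Add one sentence under the heading stating that the ``[token]/hash_algorithm`` option is deprecated as of Mitaka and that the number is kept only so later checks do not get renumbered. The underline shown after the new heading also appears to keep the length of the old title; RST accepts an over-long underline, but trimming it to the new title keeps the section consistent with its neighbours.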