[TYPO3-core] RFC #12502: Feature: Use HMACs for authenticity and integrity checks
Marcus Krause
marcus#exp2010 at t3sec.info
Fri Apr 16 18:47:01 CEST 2010
Helmut Hummel schrieb am 04/15/2010 07:12 PM Uhr:
> Hi,
>
> Am 11.11.2009 13:11, schrieb Benjamin Mack:
>> Hey all,
>>
>> I agree with Dmitry to not add a feature like this in 4.3 anymore.
>>
>> Also, I agree with Dmitry to not add another additional requirement for
>> the Core, however AFAIR this is not needed for the hmac() functions.
>>
>> http://www.php.net/manual/en/hash.installation.php
>
>
> I want to revive this feature request. It would be a great improvement
> now at least for 4.4.
Attached is a new version (v1) of this RFC. This removes the dependency
of ext/hash by adding a fallback hmac generation.
Also the length argument has been dropped. The resulting HMAC length is
mentioned in PHPdoc.
I switched to HMAC-SHA-1 (instead of md5) because sha1 is already in use
for extbase and openid.
Nonetheless, I added ext/hash to the recommended PHP extensions as using
ext/hash will certainly have a speed advantage.
Marcus.
--
Member TYPO3 Security Team
Blog on TYPO3 Security: http://secure.t3sec.info/blog/
More information about the TYPO3-team-core
mailing list