| Algorithm |
Purpose |
Configurable |
Implementation |
Details |
Source
|
| md5 |
Token hashing |
No |
hashlib |
- Hash is used as an internal identifier in the token backend.
- The data being hashed is the entire cryptographically signed token (which uses the configured signing key). The chance for collisions should be low.
|
- keystoneclient/utils.py
- keystoneclient/common/cms.py
|
| sha1 |
S3 credentials |
No |
hashlib |
- Used for signature validation of S3 credentials.
- Required for S3 compatibility, so it can't be configurable.
|
- keystone/contrib/s3/core.py
|
| sha1 |
LDAP password hashing |
No |
PassLib |
- Salted using PassLib default (currently 4 bytes).
|
|
| sha1 |
OAuth1 |
No |
oauthlib |
- Used for signature validation of OAuth1 tokens.
- OAuth usage is optional.
|
- keystone/contrib/oauth1/core.py
- keystone/contrib/oauth1/verifier.py
|
| sha256 |
EC2 tokens |
No |
hashlib |
- Required for EC2 compatibility, so it can't be configurable.
|
- keystone/credential/controllers.py
- keystone/common/utils.py
- keystoneclient/contrib/ec2/utils.py
|
| sha384 |
Memcache signing |
No |
hashlib |
- Used for signing and verification when memcache encryption is enabled.
|
- keystoneclient/middleware/memcache_crypt.py
|
| sha512 |
Password hashing |
No |
PassLib |
- The algorithm is non-configurable, but the number of rounds is configurable via CONF.crypt_strength (default=40000).
|
|
