Am I required to use SHA256?

Question

Am I required to use SHA256?

Opened this issue 11 years ago · 2 comments

According to https://github.com/WindowsAzure/azure-resource-provider-sdk/blob/master/docs/api-sso.md I have to use SHA-256. What if I don't trust SHA-256 and want to use some other hash that has longer output? Since only RP actually generates the hash and the Store just passes it back and forth this should be possible unless there's a restriction on how long a token can be. Can I use another hash and longer tokens?

Answer 1 · 2013-09-04T16:55:31.000Z

You are not required to use SHA-256, but keep in mind you must use something that is at least as strong.

Answer 2 · 2013-09-05T06:09:24.000Z

@bilalaslam Great but if you really care about has strength you should also look into this issue #26