Add public API to use a different hash.Hash in hmac.HMACStrategy struct
mash opened this issue · 3 comments
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Cloud project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe your problem
I want to use a different hash.Hash than the default sha512.New512_256.
Describe your ideal solution
hmac.HMACStrategy has a public API to use a different hash.Hash
Workarounds or alternatives
Write our own HMACStrategy copy that uses the hash.Hash we want.
Version
0.42.1
Additional Context
We are an old user of fosite, we want to upgrade to latest but in a way that doesn't break all previous tokens.
This should also be beneficial in case anyone wants to use a better hash.Hash too.
I think we can implement this in a way that doesn't break existing public APIs. I will send a pull request if you're interested.
Is there a particular reason for using 512 instead of 256 bits? Like some regulation you need to follow? Just asking out of curiosity.
Regarding making this public, we'd for sure accept such a PR! However, I don't think that it makes sense to introduce a backwards-compatible way of doing so. The problem here is that all backwards compatible logic in essential code such as this offers a big area for making mistakes now or in the future, which can lead to very severe security vulnerabilities. It depends a bit on the code though, of course.
No, it's the other way around: we had a very old Fosite installation which uses a different hash.Hash function, and we wanted a smooth upgrade.
For the backward compatible part, yes please check the PR and request any changes.
Ah, I see - sorry for the misunderstanding!
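The token-compatibility concern raised in this thread, as an added example that is not part of the issue and is not fosite's code: a hypothetical `Strategy` type with a `Hasher` field shows that a token signed under one hash.Hash is rejected once the default changes, even when the secret and digest length are the same. SHA-256 as the older installation's hash, the secret and the key are all constructed assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/base64"
	"fmt"
	"hash"
	"strings"
)

// Strategy is a hypothetical stand-in for an HMAC token strategy, not fosite's type.
type Strategy struct {
	Secret []byte
	Hasher func() hash.Hash // nil selects sha512.New512_256, the default named in the issue
}

// sum computes the HMAC of key with the configured hash constructor.
func (s Strategy) sum(key string) []byte {
	h := s.Hasher
	if h == nil {
		h = sha512.New512_256
	}
	mac := hmac.New(h, s.Secret)
	mac.Write([]byte(key))
	return mac.Sum(nil)
}

// Token returns "<key>.<signature>" for an already generated key.
func (s Strategy) Token(key string) string {
	return key + "." + base64.RawURLEncoding.EncodeToString(s.sum(key))
}

// Validate recomputes the MAC and compares it in constant time.
func (s Strategy) Validate(token string) bool {
	key, sig, ok := strings.Cut(token, ".")
	got, err := base64.RawURLEncoding.DecodeString(sig)
	return ok && err == nil && hmac.Equal(got, s.sum(key))
}

// demo signs with the assumed old hash and validates under both configurations.
func demo() (newAccepts, oldAccepts bool) {
	secret := []byte("constructed-demo-secret-32-bytes") // constructed sample secret
	old := Strategy{Secret: secret, Hasher: sha256.New}  // assumed hash of the old install
	tok := old.Token("constructed-key")
	return Strategy{Secret: secret}.Validate(tok), old.Validate(tok)
}

func main() { fmt.Println(demo()) } // prints: false true
```

Both hashes here produce 32-byte digests, so signature length alone cannot tell an operator which hash issued a token.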