#35730: Enhance password reset security by signing 'uid' parameter instead of
base64-encoding to prevent possible user count leakage
--------------------------------------+------------------------------------
Reporter: Remy | Owner: Remy
Type: Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by Jake Howard):
I believe everything in the standard library focuses on hashing, which is
1-way. Because the view needs to be able to retrieve the user's id from
the URL, it needs to be reversible.
XOR based on a key derived from `SECRET_KEY` might work, and be fairly
simple to implement:
https://en.wikipedia.org/wiki/XOR_cipher#Example_implementation. However,
what is functionally "rolling our own crypto" fills me with dread a
little. XOR is far from perfect: https://stackoverflow.com/a/1135197
(however most are problematic for particularly large inputs, which isn't
relevant here), so whatever is used for the key needs to be suitably
random and not derivable back into the `SECRET_KEY`.
--
Ticket URL: <https://code.djangoproject.com/ticket/35730#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
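The three options the ticket title and the comment above touch on, side by side, as an added Python example that is not part of the ticket, the patch, or Django's own code: the plain base64 `uid` (readable by anyone, hence the user-count leak), the XOR cipher with a key derived from `SECRET_KEY` (and the property that makes a static-key XOR weak), and an HMAC signature over the `uid` (which detects tampering but, by itself, does not hide the id). The `SECRET_KEY` value is a constructed stand-in, and HMAC-SHA256 as the key derivation is my assumption, not something the thread specifies; only the standard library is used.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for a Django SECRET_KEY; not a real key.
SECRET_KEY = "constructed-example-secret-key-not-for-production"


def encode_uid_base64(uid: int) -> str:
    """The behaviour the ticket complains about: urlsafe base64 of the decimal id."""
    return base64.urlsafe_b64encode(str(uid).encode()).decode().rstrip("=")


def decode_uid_base64(token: str) -> int:
    """No key is involved, so anyone holding a reset URL can read the id and
    estimate how many users exist."""
    padded = token + "=" * (-len(token) % 4)
    return int(base64.urlsafe_b64decode(padded).decode())


def derive_key(secret_key: str, purpose: bytes) -> bytes:
    """Per-purpose key via HMAC-SHA256 (assumed KDF). HMAC is one-way, so the
    derived key does not let its holder recover SECRET_KEY, which is the
    comment's requirement for any key used here."""
    return hmac.new(secret_key.encode(), purpose, hashlib.sha256).digest()


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """The XOR cipher from the linked Wikipedia example: each byte XORed with
    the corresponding byte of a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def xor_tokens_leak_plaintext_xor(uid_a: int, uid_b: int) -> bool:
    """Why a static XOR key is not confidentiality: with one fixed key, the XOR
    of two ciphertexts equals the XOR of the two plaintexts. The key cancels
    out, so relationships between ids (shared digits, equal length) are
    visible without ever knowing the key. Returns True when that holds."""
    key = derive_key(SECRET_KEY, b"uid-xor")
    pt_a, pt_b = str(uid_a).encode(), str(uid_b).encode()
    ct_a, ct_b = xor_with_key(pt_a, key), xor_with_key(pt_b, key)
    pt_xor = bytes(x ^ y for x, y in zip(pt_a, pt_b))
    ct_xor = bytes(x ^ y for x, y in zip(ct_a, ct_b))
    return ct_xor == pt_xor


def sign_uid(uid: int) -> str:
    """Signed uid (the approach in the ticket title): base64 payload plus an
    HMAC-SHA256 tag. This gives integrity only: the id is still readable,
    but an altered or forged uid is rejected by verify_uid."""
    key = derive_key(SECRET_KEY, b"password-reset-uid")
    payload = encode_uid_base64(uid)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return payload + ":" + base64.urlsafe_b64encode(tag).decode().rstrip("=")


def verify_uid(token: str):
    """Return the uid if the tag is valid, otherwise None.
    compare_digest is a constant-time comparison, so the check does not leak
    how many tag bytes matched."""
    try:
        payload, tag_b64 = token.split(":", 1)
        got = base64.urlsafe_b64decode(tag_b64 + "=" * (-len(tag_b64) % 4))
    except ValueError:  # malformed token; binascii.Error is a ValueError
        return None
    key = derive_key(SECRET_KEY, b"password-reset-uid")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, got):
        return None
    return decode_uid_base64(payload)


if __name__ == "__main__":
    print("base64 uid 42 ->", encode_uid_base64(42), "-> decodes to", decode_uid_base64("NDI"))
    print("XOR key cancels out for 1001/1002:", xor_tokens_leak_plaintext_xor(1001, 1002))
    signed = sign_uid(42)
    forged = encode_uid_base64(43) + ":" + signed.split(":", 1)[1]
    print("signed verifies:", verify_uid(signed), "forged verifies:", verify_uid(forged))
```

The takeaway the functions make concrete: base64 and HMAC signing both leave the id readable, so neither alone removes the count leak the ticket is about, while a static-key XOR hides it only superficially. Hiding the id properly needs an authenticated cipher rather than a construction assembled from XOR and `SECRET_KEY`, which is the "rolling our own crypto" concern the comment raises.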