switch to HMAC digest to avert extension attack

author: Tobi Oetiker <tobi@oetiker.ch> 2008-03-18 09:10:40 +0100
committer: Tobi Oetiker <tobi@oetiker.ch> 2008-03-18 09:10:40 +0100
commit: a002bbdae7018d7c23f857780074ef00e3e6f31e (patch)
tree: 977aceaed2d4bb1a73b47695a4d1653567d74e2f /CHANGES
parent: efe9d8dafd6a8bc5845eae3b4dbc172ad68aa187 (diff)
download: smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.gz
smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index acd0f9b..86dac26 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+* Switch message hash generation to Digest::HMAC_MD5 (bundled) since this
+  prevents the extension attack. Note that this change requires that you
+  upgrade client and server in sync (you should do that anyway, but
+  especially because of this)! -- tobi
+
 * make sure when loading the sortercache that we only load info about
   graphs presently in the config. --tobi
author	Tobi Oetiker <tobi@oetiker.ch>	2008-03-18 09:10:40 +0100
committer	Tobi Oetiker <tobi@oetiker.ch>	2008-03-18 09:10:40 +0100
commit	a002bbdae7018d7c23f857780074ef00e3e6f31e (patch)
tree	977aceaed2d4bb1a73b47695a4d1653567d74e2f /CHANGES
parent	efe9d8dafd6a8bc5845eae3b4dbc172ad68aa187 (diff)
download	smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.gz smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.xz