Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-1099

in SHA= strings, short SHA prefixes should be acceptable

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Open
    • Priority: Low
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: cf-key
    • Labels:
      None

      Description

      This is just an idea. Currently an agent's identity is a very long string, coming from the hash representation of its RSA key. E.g. SHA=2b065fe5d25582c44c70985451ea43f862432feecd72ac7a7a1085477921631a.

      Where ever such strings are acceptable in policy, we should be able to use prefixes of them, e.g. SHA=2b065fe5. This of course compromises the uniqueness of the hash, but this is done either way by shorting the 2048 bits of RSA key to 256 bits of SHA2. It's just that the user should be aware of what he is doing.

        Attachments

          Activity

            People

            • Assignee:
              a10039 Hichame Jeffali (Inactive)
              Reporter:
              a10038 jimis (Dimitrios Apostolou)
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:

                Summary Panel