1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
phorge-phorge/src/applications
epriestley 661f077bf7 Replace callsites to sha1() that use it to asciify entropy with
Filesystem::readRandomCharacters()

Summary: See T547. To improve auditability of use of crypto-sensitive hash
functions, use Filesystem::readRandomCharacters() in place of
sha1(Filesystem::readRandomBytes()) when we're just generating random ASCII
strings.

Test Plan:
  - Generated a new PHID.
  - Logged out and logged back in (to test sessions).
  - Regenerated Conduit certificate.
  - Created a new task, verified mail key generated sensibly.
  - Created a new revision, verified mail key generated sensibly.
  - Ran "arc list", got blocked, installed new certificate, ran "arc list"
again.

Reviewers: jungejason, nh, tuomaspelkonen, aran, benmathews

Reviewed By: jungejason

CC: aran, epriestley, jungejason

Differential Revision: 1000
2011-10-21 11:55:28 -07:00
..
auth Add Google as an OAuth2 provider (BETA) 2011-09-14 07:32:04 -07:00
base Make detection/recovery for bad cookies more strict 2011-08-19 15:45:35 -07:00
calendar Build a basic calendar view 2011-08-08 10:34:06 -07:00
conduit Replace callsites to sha1() that use it to asciify entropy with 2011-10-21 11:55:28 -07:00
countdown Fix some brace lint stuff. 2011-08-02 10:40:45 -07:00
daemon Refactor repository reparse scripts to be more useful 2011-09-27 17:20:04 -07:00
differential Replace callsites to sha1() that use it to asciify entropy with 2011-10-21 11:55:28 -07:00
diffusion Add test to check all symbols can be loaded 2011-10-20 16:43:13 -07:00
directory Use Javelin workflow on directory item deletion 2011-05-28 11:57:31 -07:00
draft/storage Revision comment drafts. 2011-02-05 16:57:21 -08:00
feed Fix generateChronologicalKey() for 32-bit machines 2011-09-14 09:03:45 -07:00
files Replace callsites to sha1() that use it to asciify entropy with 2011-10-21 11:55:28 -07:00
help/controller Explicitly show that "escape" closes dialogs in Phabricator 2011-08-02 09:21:28 -07:00
herald Make Herald Rules sticky in X-Herald-Rules 2011-08-17 10:38:29 -07:00
maniphest Replace callsites to sha1() that use it to asciify entropy with 2011-10-21 11:55:28 -07:00
markup Allow custom hyperlinks; Pass differential.diff-id into remarkup engine config 2011-10-20 14:39:18 -07:00
metamta Allow bugs@ addresses to blanket-accept tasks 2011-10-20 14:26:19 -07:00
owners Removing reordering code that wasn't needed 2011-04-20 17:07:46 -07:00
paste Fix header display bug on forked pastes. 2011-07-21 11:22:56 -04:00
people Replace callsites to sha1() that use it to asciify entropy with 2011-10-21 11:55:28 -07:00
phid Replace callsites to sha1() that use it to asciify entropy with 2011-10-21 11:55:28 -07:00
phriction Some documentation updates. 2011-09-14 08:02:31 -07:00
project Fixed documentation in PhabricatorProjectSubproject 2011-09-13 21:21:12 -07:00
repository Clarify instructions for repository remote uri 2011-10-12 12:25:49 -07:00
search Some documentation updates. 2011-09-14 08:02:31 -07:00
slowvote Fix link to Slowvote user guide 2011-10-20 14:33:34 -07:00
status/base Add /status/ 2011-04-08 11:13:51 -07:00
typeahead/controller Tie all the pieces for symbol cross-references together 2011-10-09 17:58:17 -07:00
uiexample Add missing includes from XHPAST parse bug. 2011-04-06 23:14:58 -07:00
xhpastview Add missing includes from XHPAST parse bug. 2011-04-06 23:14:58 -07:00
xhprof Improve DarkConsole "Services" and "XHProf" plugins 2011-07-11 12:51:58 -07:00