mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-10 00:42:41 +01:00
No description
8a4bf38655
Summary: See <https://hackerone.com/reports/435648>. We currently use 80-bit TOTP keys. The RFC suggests 128 as a minimum and recommends 160. The math suggests that doing the hashing for an 80-bit key is hard (slightly beyond the reach of a highly motivated state actor, today) but there's no reason not to use 160 bits instead to put this completely out of reach. See some additional discussion on the HackerOne report about enormous key sizes, number of required observations, etc. Test Plan: Added a new 160-bit TOTP factor to Google Authenticator without issue. Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D19792 |
||
---|---|---|
bin | ||
conf | ||
externals | ||
resources | ||
scripts | ||
src | ||
support | ||
webroot | ||
.arcconfig | ||
.arclint | ||
.arcunit | ||
.editorconfig | ||
.gitignore | ||
LICENSE | ||
NOTICE | ||
README.md |
Phabricator is a collection of web applications which help software companies build better software.
Phabricator includes applications for:
- reviewing and auditing source code;
- hosting and browsing repositories;
- tracking bugs;
- managing projects;
- conversing with team members;
- assembling a party to venture forth;
- writing stuff down and reading it later;
- hiding stuff from coworkers; and
- also some other things.
You can learn more about the project (and find links to documentation and resources) at Phabricator.org
Phabricator is developed and maintained by Phacility.
SUPPORT RESOURCES
For resources on filing bugs, requesting features, reporting security issues, and getting other kinds of support, see Support Resources.
NO PULL REQUESTS!
We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide.
LICENSE
Phabricator is released under the Apache 2.0 license except as otherwise noted.