
Upgrade object reply addresses to SHA256 and remove "phabricator.mail-key"

Authored by epriestley on Jan 3 2019, 1:18 PM.



Ref T12509.

  • Upgrade an old SHA1 to SHA256.
  • Replace an old manually configurable HMAC key with an automatically generated one.

This is generally both simpler (less configuration) and more secure (you now get a unique value automatically).

This causes a one-time compatibility break that invalidates old "Reply-To" addresses. I'll note this in the changelog.

If you leaked a bunch of addresses, you could force a change here by mucking around with phabricator_auth.auth_hmackey, but AFAIK no one has ever used this value to react to any sort of security issue.

(I'll note the possibility that we might want to provide/document this "manually force HMAC keys to regenerate" stuff some day in T6994.)

Test Plan

Grepped for removed config. I'll vet this pathway more heavily in upcoming changes.

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision. Jan 3 2019, 1:18 PM
epriestley requested review of this revision. Jan 3 2019, 1:20 PM
amckinley accepted this revision. Jan 3 2019, 7:42 PM
This revision is now accepted and ready to land. Jan 3 2019, 7:42 PM
This revision was automatically updated to reflect the committed changes.
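
The revision summary above says that changing the digest and the key invalidates old "Reply-To" addresses, and that regenerating the key would revoke leaked ones. The following Python sketch is an added example, not code from this revision or from Phabricator; the address layout, the 16-character tag truncation, the key name `mail.object-address`, the example domain and the in-memory key store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for per-install key storage. The page names the real
# location (phabricator_auth.auth_hmackey) but not its schema.
_KEY_STORE = {}

def get_hmac_key(name):
    """Return the install's key for `name`, generating it on first use."""
    if name not in _KEY_STORE:
        _KEY_STORE[name] = secrets.token_bytes(32)
    return _KEY_STORE[name]

def reply_tag(object_id, user_id, digest=hashlib.sha256, key=None):
    """HMAC over the (object, recipient) pair; hypothetical message layout."""
    key = get_hmac_key("mail.object-address") if key is None else key
    message = f"{object_id}:{user_id}".encode()
    return hmac.new(key, message, digest).hexdigest()[:16]

def reply_address(object_id, user_id, domain="phabricator.example.com"):
    return f"{object_id}+{user_id}+{reply_tag(object_id, user_id)}@{domain}"

def verify_reply_address(address):
    """Return (object_id, user_id) if the tag is valid, else None."""
    local, _, _domain = address.partition("@")
    parts = local.split("+")
    if len(parts) != 3:
        return None
    object_id, user_id, tag = parts
    expected = reply_tag(object_id, user_id)
    # Constant-time comparison on bytes so a non-ASCII tag cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return object_id, user_id

def demo():
    """Show the compatibility break and the effect of regenerating the key."""
    current = reply_address("D123", "7")
    # Address minted the old way: SHA1 with a manually configured key (constructed).
    old_tag = reply_tag("D123", "7", hashlib.sha1, b"constructed-legacy-mail-key")
    legacy = f"D123+7+{old_tag}@phabricator.example.com"
    results = {"current": verify_reply_address(current),
               "legacy": verify_reply_address(legacy)}
    _KEY_STORE.clear()  # forcing the key to regenerate revokes every issued address
    results["after_regeneration"] = verify_reply_address(current)
    return results

if __name__ == "__main__":
    print(demo())
```
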