Upgrade object reply addresses to SHA256 and remove "phabricator.mail-key"

Authored by epriestley on Jan 3 2019, 1:10 PM.


Upgrade object reply addresses to SHA256 and remove "phabricator.mail-key"

Ref T12509.

  • Upgrade an old SHA1 to SHA256.
  • Replace an old manually configurable HMAC key with an automatically generated one.

This is generally both simpler (less configuration) and more secure (you now get a unique value automatically).

This causes a one-time compatibility break that invalidates old "Reply-To" addresses. I'll note this in the changelog.

If you leaked a bunch of addresses, you could force a change here by mucking around with phabricator_auth.auth_hmackey, but AFAIK no one has ever used this value to react to any sort of security issue.

(I'll note the possibility that we might want to provide/document this "manually force HMAC keys to regenerate" stuff some day in T6994.)

Test Plan: Grepped for removed config. I'll vet this pathway more heavily in upcoming changes.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T12509

Differential Revision: https://secure.phabricator.com/D19945