Does ActionController::Session::CookieStore really default to using SHA1? SHA1 is "not recommended for new projects"
-
-
Replying to @bascule
@bascule looks like it https://github.com/rails/rails/blob/master/activesupport/lib/active_support/message_verifier.rb#L31 … is that bad?1 reply 0 retweets 0 likes -
Replying to @markov_twain
@markov_twain it's not good, heh. Should probably be SHA256 at least1 reply 0 retweets 0 likes
Replying to @markov_twain
@markov_twain cryptographic best practices would suggest upgrading at this point
11:05 AM - 28 Jan 2013
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.