Use secure hash algorithm in WebConfiguration.sign_text
Fix: PendingDeprecationWarning: HMAC() without an explicit digestmod argument is deprecated.
The default hash algorithm used by hmac.new is md5. As of today, md5 is so weak
that it's the equivalent of plaintext and can't be considered to be secured at all.
Therefor, we switch to a secure hash algorithm.
The rational for choosing sha3_512 is:
* the recommended algorithm is at least sha_256
* the stronger, the more secured and sha3_512 is the stronger available
* thinking about the future this should keep this part of the code safe long
enough before people think about checking it again
You can read more about choosing a secure hash algorithm in the NIST
recommendations https://csrc.nist.gov/Projects/Hash-Functions/NIST-Policy-on-Hash-Functions
This code modification should normally be transparent since check_text_sign is
exactly this code 'self.sign_text(text) == signature' and that sign_text is
only used in combination with it. The only impact is that the hash is going to
move from 32 char to 128 which might make html page a bit bigger and that
sha3_512 is slow to compute (which is a good thing for security)
include README
include COPYING
include COPYING.LESSER
include pylintrc
include jshintrc
include tox.ini
include flake8-ok-files.txt
include bin/cubicweb-*
include man/cubicweb-ctl.1
recursive-include extras *.bash_completion
include doc/*.rst
include doc/*.txt
include doc/Makefile
recursive-include doc/book *
recursive-include doc/tools *.py
recursive-include doc/tutorials *.rst *.py
recursive-include doc/api *.rst
recursive-include doc/_themes *
recursive-include doc/_static *
include doc/_templates/*.html
include doc/changes/*.rst
recursive-include doc/dev *.txt *.rst
recursive-include doc/images *.png *.svg
include doc/conf.py
include cubicweb/devtools/fix_po_encoding
recursive-include cubicweb/misc *.py *.png *.display
include cubicweb/web/views/*.pt
recursive-include cubicweb/web/data *.js *.css *.py *.png *.gif *.ico *.ttf *.svg *.woff *.eot
recursive-include cubicweb/web/wdoc *.rst *.png *.xml
recursive-include cubicweb/devtools/data *.js *.css *.sh
recursive-include cubicweb/i18n *.po
recursive-include cubicweb/schemas *.py *.sql
recursive-include requirements *.txt
recursive-include cubicweb/test *.py
recursive-include cubicweb/test/data bootstrap_cubes *.py *.sql
recursive-include cubicweb/test/data-rewrite bootstrap_cubes *.py
recursive-include cubicweb/test/data_schemareader *.py
recursive-include cubicweb/dataimport/test *.py
recursive-include cubicweb/dataimport/test/data *.py *.csv *.txt
recursive-include cubicweb/dataimport/test/data-massimport *.py
recursive-include cubicweb/devtools/test *.py
recursive-include cubicweb/devtools/test/data *.py *.txt *.js *.po.ref
recursive-include cubicweb/entities/test *.py
recursive-include cubicweb/entities/test/data *.py
recursive-include cubicweb/ext/test *.py
recursive-include cubicweb/ext/test/data *.py
recursive-include cubicweb/hooks/test *.py
recursive-include cubicweb/hooks/test/data-computed *.py
recursive-include cubicweb/hooks/test/data *.py
recursive-include cubicweb/sobjects/test *.py
recursive-include cubicweb/sobjects/test/data bootstrap_cubes *.py
recursive-include cubicweb/server/test *.py
recursive-include cubicweb/server/test/data bootstrap_cubes *.py source* *.conf.in *.ldif
recursive-include cubicweb/server/test/data-cwep002 *.py
recursive-include cubicweb/server/test/datacomputed *.py
recursive-include cubicweb/server/test/data-schema2sql toignore
recursive-include cubicweb/server/test/data-migractions bootstrap_cubes *.py
recursive-include cubicweb/server/test/data-schemaserial *.py
include cubicweb/web/test/testutils.js
recursive-include cubicweb/web/test *.py
include cubicweb/web/test/data/cubicweb_file/data/file.png
include cubicweb/web/test/data/cubicweb_file/wdoc/toc.xml
recursive-include cubicweb/web/test/data bootstrap_cubes pouet.css *.py
recursive-include cubicweb/web/test/data/static/jstests *.js *.html *.json
recursive-include cubicweb/wsgi/test *.py
include cubicweb/pyramid/development.ini.tmpl
include cubicweb/web/data/jquery-treeview/*.md
recursive-include cubicweb/skeleton *.py *.css *.js *.po compat *.tmpl rules
prune cubicweb/misc/cwfs