Open Stack

Dims,

Right I think I have heard pycrypto was dead, which sort of prompted the question.  Thanks for the response!

Regards,
-steve

From: Davanum Srinivas <davanum at gmail.com>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
Date: Sunday, November 6, 2016 at 7:39 AM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
Subject: Re: [openstack-dev] [requirements][kolla][security] pycrypto vs cryptography

Steve,

pycrypto is almost dead. The replacement is pycryptodome. BUT both
cannot be installed at the same time, so there is a struggle to get
all projects to work correctly with pycryptodome, Last i checked the
status was this:
http://git.openstack.org/cgit/openstack/requirements/tree/global-requirements.txt#n188

cryptography has been there in requirements since 2014:
https://review.openstack.org/#/c/93794/

So, i'd support projects wanting to use cryptography directly.

fwiw, i don't see a claim to support FIPS-140-2 in cryptography:
https://cryptography.io/en/latest/development/test-vectors/
https://github.com/pyca/cryptography/tree/master/vectors/cryptography_vectors/asymmetric/ECDSA

Thanks,
Dims



On Sun, Nov 6, 2016 at 3:05 AM, Steven Dake (stdake) <stdake at cisco.com<mailto:stdake at cisco.com>> wrote:
Requirements team,



Currently Kolla uses pycrypto in our requirements.  I see a lot of big tent
projects moving to cryptography.  Is this just my imagination, or was there
a decision on this from the requirements team?  We are happy to comply with
whatever dep management is considered appropriate for OpenStack ESPECIALLY
as it relates to security and crypto libraries.



I’d just like confirmation if we should move off pycrypto to cryptography,
or if these two things offer similar functionality, or if I’m way off base
here J.



An orthogonal question I have received from one of our community members
(Pavo on irc) is whether pycrypto (or if we move to cryptography) provide
FIPS-140-2 compliance.



Regards

-steve




__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org<mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
Davanum Srinivas :: https://twitter.com/dims

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org<mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161106/9c4f4968/attachment.html>