[Openstack-security] [Bug 1348339] Re: Use of weak MD5 algorithm
Simon Chang
schang at tesora.com
Wed Jul 30 18:19:21 UTC 2014
I don't think we can upgrade the code in question from MD5 to SHA256 at
the moment.
The Swift put_object() call's response has an etag field. This etag
field is populated with the MD5 hash for the data segment received by
Swift, and it is calculated by Swift.
I took a quick look at the Swift code, and don't see evidence of etag
hash algorithm being configurable on Swift.
This posting is also saying etag is MD5 only:
https://answers.launchpad.net/swift/+question/217171
Since MD5 is a constraint imposed by Swift, unless Swift starts to
support SHA etags, I don't believe we have other choice at the moment
but to stick with MD5 here.
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1348339
Title:
Use of weak MD5 algorithm
Status in OpenStack Security Advisories:
Won't Fix
Status in Openstack Database (Trove):
Triaged
Bug description:
The file: trove/trove/guestagent/strategies/storage/swift.py line 54
uses a weak hashing algorithm, MD5. It would be pretty simple
hardening upgrade to use at least hashlib.SHA256.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ossa/+bug/1348339/+subscriptions
More information about the Openstack-security
mailing list