[openstack-dev] [trove][requirements][kolla][security] pycrypto vs cryptography

Amrith Kumar amrith at tesora.com
Sun Nov 6 12:43:44 UTC 2016


Steve,

 

I’m in the midst of doing something in this area for Trove and OSLO so I’m interested in this subject and have added [trove] to the subject so I don’t lose track of this thread. I was planning to use pycrypto. I’d prefer to continue with that; but thanks for the heads-up, I’ll plan on making the underlying library pluggable rather than tying closely to pycrypto.

 

I did some looking into FIPS-140 and -2 and it appears that there are no -2 compliant python libraries but many are FIPS-140 compliant in that they provide AES, SHA256 and SHA512.

 

Thanks,

 

-amrith

 

 

From: Steven Dake (stdake) [mailto:stdake at cisco.com] 
Sent: Sunday, November 6, 2016 3:06 AM
To: OpenStack Development Mailing List (not for usage questions) <openstack-dev at lists.openstack.org>
Subject: [openstack-dev] [requirements][kolla][security] pycrypto vs cryptography

 

Requirements team,

 

Currently Kolla uses pycrypto in our requirements.  I see a lot of big tent projects moving to cryptography.  Is this just my imagination, or was there a decision on this from the requirements team?  We are happy to comply with whatever dep management is considered appropriate for OpenStack ESPECIALLY as it relates to security and crypto libraries.

 

I’d just like confirmation if we should move off pycrypto to cryptography, or if these two things offer similar functionality, or if I’m way off base here :).

 

An orthogonal question I have received from one of our community members (Pavo on irc) is whether pycrypto (or if we move to cryptography) provide FIPS-140-2 compliance.

 

Regards

-steve

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161106/06d60ebd/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4805 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161106/06d60ebd/attachment.bin>


More information about the OpenStack-dev mailing list