[openstack-dev] [requirements][kolla][security] pycrypto vs cryptography

Steven Dake (stdake) stdake at cisco.com
Tue Nov 8 21:50:10 UTC 2016


Pavo has told me he has exceptions in place for everything related to Kolla.  He says as long as we don’t use MD5, he is good to go for a 232 node deploy with more to follow (assuming Kolla works out of the box at that scale - we have only tested 123 node scale).

We do some basic PRNG to generate passwords, and some PKCS#11 (iirc) algos to generate passwords, and we also generate some ssh public/private keys.

Hope the security context helps.

Thanks everyone on his thread for providing guidance.  RobC++ on article.


On 11/8/16, 1:46 PM, "Clint Byrum" <clint at fewbar.com> wrote:

>Excerpts from Ian Cordasco's message of 2016-11-08 16:11:26 -0500:
>> Can I ask why FIPS compliance is a requirement for Kolla? This seems
>> like an odd request for a deployment project.
>Guessing it's for the modules that need to communicate securely with
>OpenStack itself.
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe

More information about the OpenStack-dev mailing list