[openstack-dev] [Glance][Security] Secure Hash Algorithm Spec

Luke Hinds lhinds at redhat.com
Fri Sep 29 10:19:33 UTC 2017

On Thu, Sep 28, 2017 at 8:38 PM, McClymont Jr, Scott <
scott.mcclymont at verizonwireless.com> wrote:

> Hey All,
> I've got a spec up for a change I want to implement in Glance for Queens
> to enhance the current checksum (md5) functionality with a stronger hash
> algorithm. I'm going to do this in such a way that it is easily altered in
> the future for new algorithms as they are released.  I'd appreciate it if
> someone on the security team could look it over and comment. Thanks.
> Review: https://review.openstack.org/#/c/507568/
+1 , thanks for undertaking this work. Strong support from the security
projects side.

Would be good to see all projects move on from MD5 use now, its been known
to be insecure for sometime and clashes with FIPS-142 compliance.

> --
> Scott McClymont
> Sr. Software Engineer
> Verizon Cloud Platform
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170929/948a467a/attachment.html>

More information about the OpenStack-dev mailing list