[Openstack-security] [Bug 1348339] Re: Use of weak MD5 algorithm
Nikhil Manchanda
SlickNik at gmail.com
Wed Aug 6 01:22:23 UTC 2014
So I looked into this a bit more, and schang is correct.
Trove is limited by the implementation that swift supports which is currently only MD5.
If we want to support file verification based on SHA256 or something else, we will need to have this added to swift.
** Changed in: trove
Status: Triaged => Opinion
** Changed in: trove
Status: Opinion => Won't Fix
** Changed in: trove
Assignee: Simon Chang (changsimon) => (unassigned)
** Changed in: trove
Milestone: ongoing => None
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1348339
Title:
Use of weak MD5 algorithm
Status in OpenStack Security Advisories:
Won't Fix
Status in Openstack Database (Trove):
Won't Fix
Bug description:
The file: trove/trove/guestagent/strategies/storage/swift.py line 54
uses a weak hashing algorithm, MD5. It would be pretty simple
hardening upgrade to use at least hashlib.SHA256.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ossa/+bug/1348339/+subscriptions
More information about the Openstack-security
mailing list