[Openstack-security] [Bug 1348339] Re: Use of weak MD5 algorithm
Robert Clark
1348339 at bugs.launchpad.net
Mon Jul 28 11:57:18 UTC 2014
@Jeremy there are more issues than just collisions in MD5, for a start
the search space for an MD5 hash is completely tractable due to rainbow
tables, pre-image attacks are also theoretically possible in addition to
the collisions you describe.
In summary, it's appropriate to use MD5 for corruption checks where
there's no possibility of malicious attempts to breach file integrity
but this is rarely the case and SHA hashes should probably just replace
md5 across the board.
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1348339
Title:
Use of weak MD5 algorithm
Status in OpenStack Security Advisories:
Won't Fix
Status in Openstack Database (Trove):
New
Bug description:
The file: trove/trove/guestagent/strategies/storage/swift.py line 54
uses a weak hashing algorithm, MD5. It would be pretty simple
hardening upgrade to use at least hashlib.SHA256.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ossa/+bug/1348339/+subscriptions
More information about the Openstack-security
mailing list