[Openstack-security] [Bug 1348339] Re: Use of weak MD5 algorithm
Nikhil Manchanda
SlickNik at gmail.com
Mon Jul 28 17:52:09 UTC 2014
Okay, I took a quick look at the code in Trove, and this _is_ one of the
cases where we're using an MD5 hash check to ensure no data corruption
has occurred with backup data stored in swift. Since it's not actually
being used for any crypto (i.e. encryption / decryption) I don't think
this is a high priority security issue, but it would be good for
hardening. Triaging the bug, appropriately based on this information.
Thanks!
** Changed in: trove
Status: New => Triaged
** Changed in: trove
Importance: Undecided => Low
** Changed in: trove
Milestone: None => ongoing
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1348339
Title:
Use of weak MD5 algorithm
Status in OpenStack Security Advisories:
Won't Fix
Status in Openstack Database (Trove):
Triaged
Bug description:
The file: trove/trove/guestagent/strategies/storage/swift.py line 54
uses a weak hashing algorithm, MD5. It would be pretty simple
hardening upgrade to use at least hashlib.SHA256.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ossa/+bug/1348339/+subscriptions
More information about the Openstack-security
mailing list