[Openstack-security] [Bug 1348339] Re: Use of weak MD5 algorithm
Bryan D. Payne
bdpayne at acm.org
Mon Jul 28 19:32:16 UTC 2014
I pretty much agree with all that has been said. We should fix it.
SHA-2 makes the most sense today. And fixing it as a general hardening
measure, rather than an OSSA makes sense.
To the point of wanting to just get all bad crypto algorithms out of
these code bases... the OSSG is working on some gate tools that would
catch such things. Once those are put in place, it should be much
easier to prevent this kind of thing from happening in the future :-)
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1348339
Title:
Use of weak MD5 algorithm
Status in OpenStack Security Advisories:
Won't Fix
Status in Openstack Database (Trove):
Triaged
Bug description:
The file: trove/trove/guestagent/strategies/storage/swift.py line 54
uses a weak hashing algorithm, MD5. It would be pretty simple
hardening upgrade to use at least hashlib.SHA256.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ossa/+bug/1348339/+subscriptions
More information about the Openstack-security
mailing list