"dev" <[email protected]> wrote on 08/10/2016 11:14:27 PM:
> From: Ben Pfaff <[email protected]> > To: [email protected] > Cc: Ben Pfaff <[email protected]> > Date: 08/10/2016 11:14 PM > Subject: [ovs-dev] [PATCH] ovs-bugtool: Switch from MD5 to SHA-256. > Sent by: "dev" <[email protected]> > > While going through a FIPS certification process we discovered that > ovs-bugtool uses MD5 to identify the contents of files. FIPS doesn't allow > use of the obsolete and broken MD5 algorithm, so this commit switches to > SHA-256. > > In a way, this is a silly requirement. ovs-bugtool only uses MD5 to > identify file content, mostly to ensure that the contents of the bug report > have not been corrupted. MD5 is perfectly adequate for that purpose; in > fact a 16-bit CRC would probably be adequate. On the other hand, there is > basically no cost and no disadvantage to switching to SHA-256, so why not > do it? That's why I think that this is a reasonable change. > > VMware-BZ: #1708786 > Signed-off-by: Ben Pfaff <[email protected]> > --- Yes, it's annoying, but arguing with FIPS reminds me of bringing a knife to a gun fight... The patch looks sane so ... Acked-by: Ryan Moats <[email protected]> (On a side note, I realized that we don't really have a unit test for this tool, but honestly, I'm not sure it's worth adding one - I leave that to wiser heads than mine...) _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
