Message285706
@rbtcollins, even if we go with a FIPS aware module, we'd still need to detect if md5 was used for security purposes.
If we build a system that detects FIPS enablement, call md5 say ... for generating a password, and then the python fips_md5 call is masking it, we'd be breaking FIPS rules.
I still see the point of the used_for_security flag. Maybe reverting the flag, set used_for_security to False because the normal usage of md5 shall be for hashes and non security stuff? |
|
Date |
User |
Action |
Args |
2017-01-18 08:24:08 | yolanda.robla | set | recipients:
+ yolanda.robla, pitrou, christian.heimes, rbcollins, rpetrov, doughellmann, dmalcolm, dholth, jpokorny, bkabrda, lukecarrier, icordasc |
2017-01-18 08:24:07 | yolanda.robla | set | messageid: <1484727847.96.0.653110074013.issue9216@psf.upfronthosting.co.za> |
2017-01-18 08:24:07 | yolanda.robla | link | issue9216 messages |
2017-01-18 08:24:07 | yolanda.robla | create | |
|