Author dmalcolm
Recipients dmalcolm, sbt
Date 2013-02-20.20:11:35
Within multiprocessing.connection, deliver_challenge() and
answer_challenge() use hmac for a challenge/response.

hmac implicitly defaults to using MD5.

MD5 should no longer be used for security purposes.  See e.g.

This fails in a FIPS-compliant environment (e.g. with the patches I
apply to hashlib in issue 9216).

There's thus a possibility of an attacker defeating the multiprocessing

I'm attaching a patch which changes multiprocessing to use a clearly
identified algorithm (for the day when it needs changing again),
hardcoding it as "sha256"; presumably all processes within a
multiprocess program that share authkey can share the algorithm.

It's not clear to me whether should also be changed (this would
seem to have tougher backwards-compat concerns).

[Note to self: I'm tracking this downstream for RHEL as (this bug is
currently only visible to RH employees)]
Date                 User      Action  Args
2013-02-20 20:11:36  dmalcolm  set     recipients: + dmalcolm, sbt
2013-02-20 20:11:36  dmalcolm  set     messageid: <>
2013-02-20 20:11:36  dmalcolm  link    issue17258 messages
2013-02-20 20:11:36  dmalcolm  create
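
The challenge/response pattern this report describes, as an added sketch that is not part of the original message, the attached patch, or the standard library's code. It names the HMAC digest explicitly and shows that both peers must agree on it as well as on the key; all identifiers (`deliver`, `answer`, `handshake`, `DIGEST`, `NONCE_LEN`) and the socketpair transport are assumptions made for illustration.

```python
import hmac
import os
import socket
import threading

# Hypothetical names for this sketch; not multiprocessing.connection's own.
DIGEST = "sha256"   # named once, so a later algorithm change is a one-line edit
NONCE_LEN = 32
WELCOME, FAILURE = b"WELCOME", b"FAILURE"


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf


def deliver(sock, authkey, digest=DIGEST):
    """Verifier: send a fresh random nonce and check the peer's HMAC over it."""
    nonce = os.urandom(NONCE_LEN)
    sock.sendall(nonce)
    expected = hmac.new(authkey, nonce, digest).digest()
    response = _recv_exact(sock, len(expected))
    ok = hmac.compare_digest(response, expected)  # constant-time comparison
    sock.sendall(WELCOME if ok else FAILURE)
    return ok


def answer(sock, authkey, digest=DIGEST):
    """Prover: HMAC the received nonce with the shared key, read the verdict."""
    nonce = _recv_exact(sock, NONCE_LEN)
    sock.sendall(hmac.new(authkey, nonce, digest).digest())
    return _recv_exact(sock, len(WELCOME)) == WELCOME


def handshake(server_key, client_key, client_digest=DIGEST):
    """Run both sides over a local socketpair; return (server_ok, client_ok)."""
    a, b = socket.socketpair()
    with a, b:
        a.settimeout(5)
        b.settimeout(5)
        result = {}
        t = threading.Thread(
            target=lambda: result.update(server=deliver(a, server_key)))
        t.start()
        try:
            client_ok = answer(b, client_key, client_digest)
        finally:
            t.join()
    return result.get("server"), client_ok
```
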