On 7/4/12 2:50 AM, PJ Eby wrote:
On Tue, Jul 3, 2012 at 7:33 PM, Jennings, Jared L CTR USAF AFMC 46
SK/CCI <jared.jennings....@eglin.af.mil
<mailto:jared.jennings....@eglin.af.mil>> wrote:
On hosts configured for compliance with U.S. Federal Information
Processing Standard (FIPS) 140-2
<http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf>, like
those in some banks and, yes, the U.S. Department of Defense,
cryptographic modules (such as OpenSSL, which underlies hashlib)
are not
allowed to calculate MD5 digests, because MD5 is no longer a FIPS
Approved digest algorithm.
So if it's not a cryptographic module, it's okay? ;-)
I know no one is trying here to lean on MD5 for security, but the
standard says nothing about the reason why you're using MD5: just that
you can't.
No one expects a digest algorithm to fail, and Python 2.x may not have
been fixed to check for that before being frozen
<https://bugzilla.redhat.com/show_bug.cgi?id=746118#c3>, so if you run
an MD5 checksum on a FIPS-compliant system with an unpatched
Python 2.x,
the Python interpreter will segfault. (Ruby, too, had this problem and
was itself only recently fixed,
<http://bugs.ruby-lang.org/issues/4944>.)
I have to configure hosts in accordance with FIPS 140-2, so the more
places I can get rid of MD5, the less headaches I have.
If we replace it with something else, then I suggest we replace it
with something that's even MORE braindead than md5 so that nobody will
mistake it for a secure hash. Otherwise, we will have this exact same
problem all over again when the replacement "secure" hash is disabled
by a newer version of FIPS.
The other option is simply to forego a checksum altogether and assume
same size = same file. Honestly, I don't remember why we cared about
detecting such modifications in the first place: neither PEP 376 nor
262 explain why, and 376 doesn't explain why it went with md5 instead
of sha1 (as in PEP 262).
I wanted to be able to offer a way for installers to detect that a file
was changed to avoid deleting it for instance, and issue a warning to
the user -- or maybe give a chance to the installer to save a copy of
the file somewhere.
I picked md5 because I wanted it brain dead and could not imagine that
would be an issue somehow. Maybe zlib.crc32 would be a better choice.
If we remove the hash, oh well. no big deal I guess. If an installer
wants to add this feature it can maintain hashes itself.
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
