Re: [Django] #28401: Allow hashlib.md5() calls to work with FIPS kernels

[Django]

#28401: Allow hashlib.md5() calls to work with FIPS kernels
-------------------------------------+-------------------------------------
     Reporter:  Andrew DiPrinzio     |                    Owner:  nobody
         Type:                       |                   Status:  new
  Cleanup/optimization               |
    Component:  Core (Other)         |                  Version:  master
     Severity:  Normal               |               Resolution:
     Keywords:  FIPS, md5            |             Triage Stage:
                                     |  Someday/Maybe
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Joshua Cornutt):

 Replying to [comment:7 Tim Graham]:
 > I'm not aware of any discussion of the issue outside of the ticket. You
 can write to the DevelopersMailingList if you want to get a second opinion
 on your proposal. As a general solution (replacing all `hashlib.md5()`
 calls in Django with a fallback to sha256), I don't like the idea because
 of inconsistency possibilities in mixed (fips and non-fips) system
 environments the performance differences (perhaps insignificant). Of
 course, there's also the issue that md5 and sha256 sums are different
 lengths. Perhaps truncating the latter to be the length of md5 would help
 eliminate possible bugs due to differences.

 I agree that a full, sweeping change from MD5 to SHA-256 is a Bad Idea
 (tm), but some code segments can be pretty easily moved over with
 minimal/no impact. I'm a fan of keeping things like this user-configurable
 and leaving the default as whatever the code uses today (MD5). That way it
 spreads some of the responsibility out. Since this is my first commit to
 the Django project, do you (or anyone else) have any tips/hints as to how
 to proceed with the change I proposed? How does it get a stamp of approval
 and merged?

-- 
Ticket URL: <https://code.djangoproject.com/ticket/28401#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.2577c5e40f0da410a38d058401528071%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.