All, I have submitted a ticket where i propose the use of the "usedforsecurity=False" flag. Please take a look and comment if you have any thoughts.
https://code.djangoproject.com/ticket/28401 On Sunday, July 16, 2017 at 11:22:45 AM UTC-4, Andrew DiPrinzio wrote: > > I am having the same problem. Anyone have a solution other than patch > hashlib? > > On Wednesday, May 31, 2017 at 9:36:20 AM UTC-4, Tim Graham wrote: >> >> django-developers discussion: >> https://groups.google.com/d/msg/django-developers/dlUIPzQgnpM/Mtl7CQbPAQAJ >> >> On Tuesday, May 30, 2017 at 5:06:23 PM UTC-4, Tim Graham wrote: >>> >>> This usage generates a short, unique identifier for a database index >>> name. The usage of md5 here isn't security sensitive. Changing it to some >>> other hash could be backwards incompatible because Django would no longer >>> know the names of indexes in existing projects. There are other usages of >>> md5 in Django where a short, fast hash is needed. I'm not sure if >>> prohibiting the usage of md5 in Django or adding a setting to allow >>> selecting some other hash in all those places is worth the additional >>> complexity but you could write to django-developers to get other opinions. >>> >>> On Tuesday, May 30, 2017 at 4:21:24 PM UTC-4, Brandon Williams wrote: >>>> >>>> I'm running into issues when trying to migrate my models in an >>>> environment that is running FIPS restrictions regarding MD5. Here is the >>>> stack trace: >>>> >>>> Operations to perform: >>>>> Apply all migrations: admin, auth, contenttypes, dashboard, >>>>> kombu_transport_django, sessions >>>>> Running migrations: >>>>> Applying contenttypes.0001_initial...Traceback (most recent call >>>>> last): >>>>> File "manage.py", line 10, in <module> >>>>> execute_from_command_line(sys.argv) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/core/management/__init__.py", >>>>> line 367, in execute_from_command_line >>>>> utility.execute() >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/core/management/__init__.py", >>>>> line 359, in execute >>>>> self.fetch_command(subcommand).run_from_argv(self.argv) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/core/management/base.py", line >>>>> 294, in run_from_argv >>>>> self.execute(*args, **cmd_options) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/core/management/base.py", line >>>>> 345, in execute >>>>> output = self.handle(*args, **options) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/core/management/commands/migrate.py", >>>>> >>>>> line 204, in handle >>>>> fake_initial=fake_initial, >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/db/migrations/executor.py", >>>>> line >>>>> 115, in migrate >>>>> state = self._migrate_all_forwards(state, plan, full_plan, >>>>> fake=fake, fake_initial=fake_initial) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/db/migrations/executor.py", >>>>> line >>>>> 145, in _migrate_all_forwards >>>>> state = self.apply_migration(state, migration, fake=fake, >>>>> fake_initial=fake_initial) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/db/migrations/executor.py", >>>>> line >>>>> 244, in apply_migration >>>>> state = migration.apply(state, schema_editor) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/db/migrations/migration.py", >>>>> line 129, in apply >>>>> operation.database_forwards(self.app_label, schema_editor, >>>>> old_state, project_state) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/db/migrations/operations/models.py", >>>>> >>>>> line 532, in database_forwards >>>>> getattr(new_model._meta, self.option_name, set()), >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/db/backends/base/schema.py", >>>>> line 333, in alter_unique_together >>>>> self.execute(self._create_unique_sql(model, columns)) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/db/backends/base/schema.py", >>>>> line 913, in _create_unique_sql >>>>> "name": self.quote_name(self._create_index_name(model, columns, >>>>> suffix="_uniq")), >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/db/backends/base/schema.py", >>>>> line 819, in _create_index_name >>>>> index_unique_name = '_%s' % self._digest(table_name, *column_names) >>>>> File >>>>> "/usr/lib64/python2.7/site-packages/django/db/backends/base/schema.py", >>>>> line 123, in _digest >>>>> h = hashlib.md5() >>>>> ValueError: error:060800A3:digital envelope >>>>> routines:EVP_DigestInit_ex:disabled for fips >>>> >>>> >>>> >>>> Is there a particular reason why MD5 is used here? Is there any harm >>>> in changing it to sh512 or something similar? >>>> >>> -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ba91b2b0-1d3f-4c0f-a79e-4ca869b1845e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
