AFAIK we are not using any self-develop cryptography, just regular Ruby and Rails algorighms like md5, sha, X509, UNIX crypt, ActiveSupport::MessageEncryptor and stuff like that.
If you are going to do security audit, please share your results. Keep in mind that if you found a security bug, use foreman-security@ email for communication (more on this at https://theforeman.org/security.html). LZ On Tue, Nov 29, 2016 at 12:10 PM, 'Aditya Gupta' via foreman-dev < foreman-dev@googlegroups.com> wrote: > Hello All, > > We are planning to use foreman for deployment and we need to answer below > question to classify whether we can use it or not : > > 1) > > 2) Does it contain any kind of > encryption/decryption functionality besides > > a. Authentication > > b. Hashing > > 3) If it contains such an encryption > functionality, … > > - Is it based on a public available algorithm/library or is it a > self-developed algorithm > > - What is the name of the encryption library or algorithm > > i. Is it symmetric or > asymmetric? > > ii. What is the maximum > supported key length? > > iii. Is it linked dynamically, > statically, a standard API call or something different (provided as a > result of a different tool, command line interface, …) > > > Any help would be appreciated. > > > > Thanks, > > Aditya > > -- > You received this message because you are subscribed to the Google Groups > "foreman-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to foreman-dev+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Later, Lukas @lzap Zapletal -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
