Indeed, I recall many years ago setting up SharePoint 2013, and in the environment it was, I had to get a waiver to bypass the FIPS compliance mode.
SharePoint uses it internally for fast search match/indexing, not for any cryptographically sensitive operations. It was a pain to justify, but that was in ~2015 even, where MD5 was considered a risk in those environments no matter the usage. Obviously, exceptions were allowed with valid justification. -----Original Message----- From: Randy Bush via NANOG <[email protected]> Sent: Monday, September 1, 2025 8:40 AM To: Gary Sparkes via NANOG <[email protected]> Cc: Randy Bush <[email protected]> Subject: Re: beware: being old sucks > https://natmchugh.blogspot.com/2015/09/md5-collisions-in-ssh-keys.html yes, md5 is well known to have collision problems. in some uses, e.g. bgpp-md5, it is less of a concenrn. in this case, ssh, it is more of a problem. randy _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/ZUTBMV2VEA3ZVODNOFFN474A2DMEB7OL/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/L5FU4S2AKOSJ4VPDWAQYD2U5LR2OQ5UA/
