On Fri, Sep 29, 2017 at 1:38 PM, Jeremy Stanley <fu...@yuggoth.org> wrote:
> On 2017-09-29 12:31:21 -0400 (-0400), Jay Pipes wrote:
> [...]
>> Can someone please inform me how changing the checksum algorithm
>> for this operation to SHA-1 or something else would improve the
>> security of this operation?
> [...]
[...]
> The simpler explanation is that people hear "MD5 is broken" and so
> anyone writing policies and auditing security/compliance just tells
> you it's verboten. That, and uninformed alarmists who freak out when
> they find uses of MD5 and think that means the software will be
> hax0red the moment you put it into production. Sometimes it's easier
> to just go through the pain of replacing unpopular cryptographic
> primitives so you can avoid having this same discussion over and
> over with people whose eyes glaze over as soon as you start to try
> and tell them anything which disagrees with their paranoid
> sensationalist media experts.

This is the primary motivator. Regardless of whether it makes sense for the particular use of md5 in Glance or not, operators have to fill in checkboxes in security compliance documentation that will be consumed by increasingly less-well-informed people. This way, rather than try to justify Glance's use of md5 in 140 chars or less (assuming there even is a "comment" field), operators can just answer "no" to the question "does the system rely on md5" and be done with it. I think that's why the general reaction to this spec is a sigh of relief that Glance is eliminating a dependency on md5.

Additionally, there's a use case of locating the same image in different regions served by different Glance installations. The 'checksum' property was indexed back in Folsom or Grizzly so that a user could do an image-list call filtered by a particular checksum value to find the same image they were using in one region in another region. But with an md5 checksum, we really can't recommend this strategy of locating an image.