The downside of this particular approach is that systems that get promoted to "FIPS mode" will get into a sticky situation as the code originally set hashes to use MD5 but then switches to SHA-x after users may have already used MD5 (and thus have that data stored / recalled). The best way really would be make them as configurable options by the user and only baking in decisions for methods that can handle floating between FIPS and non-FIPS modes.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
