The downside of this particular approach is that systems that get
promoted to "FIPS mode" will get into a sticky situation as the code
originally set hashes to use MD5 but then switches to SHA-x after
users may have already used MD5 (and thus have that data stored /
recalled). The best way really would be make them as configurable
options by the user and only baking in decisions for methods that can
handle floating between FIPS and non-FIPS modes.

OpenStack Development Mailing List (not for usage questions)

Reply via email to