Steve, pycrypto is almost dead. The replacement is pycryptodome. BUT both cannot be installed at the same time, so there is a struggle to get all projects to work correctly with pycryptodome, Last i checked the status was this: http://git.openstack.org/cgit/openstack/requirements/tree/global-requirements.txt#n188
cryptography has been there in requirements since 2014: https://review.openstack.org/#/c/93794/ So, i'd support projects wanting to use cryptography directly. fwiw, i don't see a claim to support FIPS-140-2 in cryptography: https://cryptography.io/en/latest/development/test-vectors/ https://github.com/pyca/cryptography/tree/master/vectors/cryptography_vectors/asymmetric/ECDSA Thanks, Dims On Sun, Nov 6, 2016 at 3:05 AM, Steven Dake (stdake) <[email protected]> wrote: > Requirements team, > > > > Currently Kolla uses pycrypto in our requirements. I see a lot of big tent > projects moving to cryptography. Is this just my imagination, or was there > a decision on this from the requirements team? We are happy to comply with > whatever dep management is considered appropriate for OpenStack ESPECIALLY > as it relates to security and crypto libraries. > > > > I’d just like confirmation if we should move off pycrypto to cryptography, > or if these two things offer similar functionality, or if I’m way off base > here J. > > > > An orthogonal question I have received from one of our community members > (Pavo on irc) is whether pycrypto (or if we move to cryptography) provide > FIPS-140-2 compliance. > > > > Regards > > -steve > > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Davanum Srinivas :: https://twitter.com/dims __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
