Hi,
The only place that Review Board uses md5 is if you're using the HTTP
Digest authentication backend (in which case it's specified by the HTTP
Digest Auth spec). There are also a couple call sites in unit tests, but
those are only used in development and not on production servers.
-David
On
Ideally we'd like to use the security profile for the NIST 800-171. Yes,
this is for a security *need *and not some whimsical desire for security.
For all new installs, that's what we're going with. That includes a certain
required level of encryption. Reviewboard as is uses hashlibs.md5, and
