"dev" <dev-boun...@openvswitch.org> wrote on 08/10/2016 11:14:27 PM:

> From: Ben Pfaff <b...@ovn.org>
> To: dev@openvswitch.org
> Cc: Ben Pfaff <b...@ovn.org>
> Date: 08/10/2016 11:14 PM
> Subject: [ovs-dev] [PATCH] ovs-bugtool: Switch from MD5 to SHA-256.
> Sent by: "dev" <dev-boun...@openvswitch.org>
>
> While going through a FIPS certification process we discovered that
> ovs-bugtool uses MD5 to identify the contents of files.  FIPS doesn't allow
> use of the obsolete and broken MD5 algorithm, so this commit switches to
> SHA-256.
>
> In a way, this is a silly requirement.  ovs-bugtool only uses MD5 to
> identify file content, mostly to ensure that the contents of the bug report
> have not been corrupted.  MD5 is perfectly adequate for that purpose; in
> fact a 16-bit CRC would probably be adequate.  On the other hand, there is
> basically no cost and no disadvantage to switching to SHA-256, so why not
> do it?  That's why I think that this is a reasonable change.
>
> VMware-BZ: #1708786
> Signed-off-by: Ben Pfaff <b...@ovn.org>
> ---

Yes, it's annoying, but arguing with FIPS reminds me of bringing a knife
to a gun fight...

The patch looks sane so ...

Acked-by: Ryan Moats <rmo...@us.ibm.com>

(On a side note, I realized that we don't really have a unit test for this
tool, but honestly, I'm not sure it's worth adding one - I leave that to
wiser heads than mine...)