8 tests fail on a FIPS enabled system #1897
Although using MD5 in this case isn't a security problem and should generally work, in my opinion it would also be better to migrate it. Changing the hash function will improve the quality of the ETag a bit and shouldn't introduce any significant compatibility problems.
In reality MD5 and SHA1 both have security vulnerabilities. Please see
Of course, it would probably be better to choose a modern hash. Anyway, this place is not a security risk, but of course it is still better to remove usage of MD5/SHA1.
@PritamDutt I don't have access to a FIPS 140 system. It would be helpful if you can confirm that the tests pass now.
When using werkzeug on a Linux system with FIPS enabled, the following tests fail:
These tests have been run after cloning this project.
Environment:
The root cause for failure of these tests appears to be MD5, as it does not appear in the list of approved hashing algorithms (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256).
Is it a possibility to migrate to SHA1 for hashing?
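Added example, not part of the original issue or the project's code: a probe that reports which `hashlib` digests the host's crypto policy will construct, and an ETag helper pinned to SHA-1 as the issue proposes. The names `probe_digest` and `make_etag` are hypothetical, and the `usedforsecurity` keyword assumes Python 3.9 or later.

```python
import hashlib


def _construct(name, data, **kwargs):
    """Return a hash object, or None if the name is unknown or blocked."""
    try:
        return hashlib.new(name, data, **kwargs)
    except ValueError:
        # Unknown algorithm, or blocked by the crypto policy (e.g. MD5 under FIPS).
        return None


def probe_digest(name):
    """Report whether `name` can be constructed for security and non-security use."""
    result = {"security": _construct(name, b"") is not None}
    try:
        # Python 3.9+: flags the digest as non-cryptographic, which a
        # restricted OpenSSL build may accept for otherwise blocked algorithms.
        result["non_security"] = (
            _construct(name, b"", usedforsecurity=False) is not None
        )
    except TypeError:
        # Interpreter does not know the keyword; same answer as above.
        result["non_security"] = result["security"]
    return result


def make_etag(data, algorithm="sha1"):
    """Build a quoted ETag value from one fixed digest.

    Pinning a single algorithm keeps validators identical across hosts
    that sit behind the same cache, whatever their local crypto policy.
    """
    digest = _construct(algorithm, data)
    if digest is None:
        raise RuntimeError("digest %r is not available on this host" % algorithm)
    return '"%s"' % digest.hexdigest()


if __name__ == "__main__":
    for candidate in ("md5", "sha1", "sha256"):  # constructed candidate list
        print(candidate, probe_digest(candidate))
    print(make_etag(b"hello"))  # constructed sample body
```

Running the probe on the FIPS host before and after a change shows whether a test failure comes from the digest being blocked outright or only from it being requested for security use.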