You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have searched the existing issues for similar feature requests.
I added a descriptive title and summary to this issue.
Summary
The following issue and attached pull request explain and solves the problem introduced and partly solved in #7120.
The usage of streamlit with FIPS-Compliant Systems are in the current streamlit version not possible. This is caused by the usage of hashing algorithms that are proven to be unsecure.
Why?
The problem is mainly in regards to the usage of MD5 as explained in the hashlib documentation:
Streamlit are not using the algorithms for security purposes and can therefore easily be changed. Hashlib introduced the usedforsecurity kwarg in python 3.9 (hashlib documentation), that can easily solve the problem.
Since streamlit support python version 3.8, I'll add behaviour similar to runtime.py.
Additional Context
To be FIPS compliant, an organization must adhere to the various data security and computer system standards outlined in the Federal Information Processing Standards (FIPS).
The text was updated successfully, but these errors were encountered:
Checklist
Summary
The following issue and attached pull request explain and solves the problem introduced and partly solved in #7120.
The usage of streamlit with FIPS-Compliant Systems are in the current streamlit version not possible. This is caused by the usage of hashing algorithms that are proven to be unsecure.
Why?
The problem is mainly in regards to the usage of MD5 as explained in the hashlib documentation:
How?
Streamlit are not using the algorithms for security purposes and can therefore easily be changed. Hashlib introduced the
usedforsecurity
kwarg in python 3.9 (hashlib documentation), that can easily solve the problem.Since streamlit support python version 3.8, I'll add behaviour similar to runtime.py.
Additional Context
To be FIPS compliant, an organization must adhere to the various data security and computer system standards outlined in the Federal Information Processing Standards (FIPS).
The text was updated successfully, but these errors were encountered: