[Distutils] Proposal: drop md5 for sha256

Toshio Kuratomi a.badger at gmail.com
Wed Jul 4 08:45:22 CEST 2012


On Tue, Jul 03, 2012 at 06:33:08PM -0500, Jennings, Jared L CTR USAF AFMC 46 SK/CCI wrote:
> On hosts configured for compliance with U.S. Federal Information
> Processing Standard (FIPS) 140-2
> <http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf>, like
> those in some banks and, yes, the U.S. Department of Defense,
> cryptographic modules (such as OpenSSL, which underlies hashlib) are not
> allowed to calculate MD5 digests, because MD5 is no longer a FIPS
> Approved digest algorithm.
> 
> I know no one is trying here to lean on MD5 for security, but the
> standard says nothing about the reason why you're using MD5: just that
> you can't.
> 
> No one expects a digest algorithm to fail, and Python 2.x may not have
> been fixed to check for that before being frozen
> <https://bugzilla.redhat.com/show_bug.cgi?id=746118#c3>, so if you run
> an MD5 checksum on a FIPS-compliant system with an unpatched Python 2.x,
> the Python interpreter will segfault. (Ruby, too, had this problem and
> was itself only recently fixed,
> <http://bugs.ruby-lang.org/issues/4944>.)
> 
> I have to configure hosts in accordance with FIPS 140-2, so the more
> places I can get rid of MD5, the less headaches I have.
> 
I've just had to look into this for a bug in a package on Fedora and it's
not all bad but also not all good.  I believe that in current python2 and
python3 (including soon to be released python-3.3),  if it's compiled
against openssl, the md5 hash constructor will SIGABRT when in FIPS mode.
If it's compiled against the internal md5 code, it will ignore FIPS mode.
Dave Malcolm has a patch in the tracker that hasn't yet been approved and
merged that allows one to pass a flag to the hash constructor that says that
the call is not being used for cryptographic purposes and then the
constructor will work even in FIPS mode.  I've seen no indication in the
tracker that this would be applied to future python-2.7.x releases, but it
could be backported by individual distributors of python2 (for instance,
Linux distributions).

A version of the patch is presently applied to the Fedora Linux 17 versions
of python2 and python3 if someone is curious.

Note that openssl itself allows the use of MD5 in FIPS mode under a similar
strategy.  So I'm not entirely certain that the standard forbids use of MD5
for non-cryptographic purposes.

-Toshio
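As an added example (not code from this thread or from distutils), a checksum helper that follows the proposal: sha256 by default, with md5 kept only as a legacy non-security digest and marked as such via the `usedforsecurity` keyword that hashlib accepts on Python 3.9 and later, falling back on older interpreters; the `LEGACY_DIGESTS` set and function names are my own.

```python
import hashlib
import hmac

# Digests kept only for compatibility with old metadata; never used for security here.
LEGACY_DIGESTS = frozenset({"md5", "sha1"})


def new_digest(name: str, *, for_security: bool):
    """Return a hashlib object for `name`.

    On Python 3.9+ the constructor accepts `usedforsecurity`; passing False tells a
    FIPS-mode OpenSSL build that the digest is a checksum, not a security primitive,
    so it may be handed out instead of refused (current builds raise ValueError
    rather than aborting the process). Older interpreters reject the keyword with
    TypeError, so the call is retried without it there.
    """
    if for_security and name in LEGACY_DIGESTS:
        raise ValueError(f"{name} is not acceptable for a security-relevant digest")
    try:
        return hashlib.new(name, usedforsecurity=for_security)
    except TypeError:  # Python < 3.9: no usedforsecurity keyword
        return hashlib.new(name)


def checksum(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of `data`; sha256 by default, legacy names flagged as non-security."""
    h = new_digest(algorithm, for_security=algorithm not in LEGACY_DIGESTS)
    h.update(data)
    return h.hexdigest()


def verify(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Constant-time comparison of a stored checksum against the recomputed one."""
    return hmac.compare_digest(checksum(data, algorithm), expected_hex.lower())


def md5_available() -> bool:
    """Probe whether this interpreter can compute md5 at all (False under strict FIPS)."""
    try:
        new_digest("md5", for_security=False)
    except ValueError:
        return False
    return True
```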