[SciPy-Dev] scipy.weave uses md5 -- can't run in FIPS mode
Robert Kern
robert.kern at gmail.com
Tue Oct 1 11:40:15 EDT 2013
On Tue, Oct 1, 2013 at 4:07 PM, Tomas Tomecek <ttomecek at redhat.com> wrote:
>
> Hello everyone,
>
> since weave uses md5, it can't run in FIPS mode.
>
> Have you been asked about this in a past? Would it be possible to use
> some NIST approved hash function?
To my knowledge, no one has asked about it.
The specific hash is not critical, as the hash is not used for any security
purpose whatsoever. It's just a key for a cache of code for recompilation
(similar to ccache). If FIPS mode really requires that MD5 is not used
anywhere for any purpose, then you can patch scipy.weave to use a different
hash. However, I do reiterate that scipy.weave has no security guarantees
whatsoever, the MD5 hash is not used for any security purpose, and the
cryptographic security properties of the hash have no effect on the
operation of scipy.weave in the slightest. scipy.weave will be just as
insecure with SHA-whatever as it is with MD5.
--
Robert Kern
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/scipy-dev/attachments/20131001/501754b0/attachment.html>
More information about the SciPy-Dev
mailing list