[ovs-git] [openvswitch/ovs] 1134de: ovs-bugtool: Switch from MD5 to SHA-256.
noreply at github.com
Thu Aug 11 16:53:27 UTC 2016
Author: Ben Pfaff <blp at ovn.org>
Date: 2016-08-11 (Thu, 11 Aug 2016)
ovs-bugtool: Switch from MD5 to SHA-256.
While going through a FIPS certification process we discovered that
ovs-bugtool uses MD5 to identify the contents of files. FIPS doesn't allow
use of the obsolete and broken MD5 algorithm, so this commit switches to
In a way, this is a silly requirement. ovs-bugtool only uses MD5 to
identify file content, mostly to ensure that the contents of the bug report
have not been corrupted. MD5 is perfectly adequate for that purpose; in
fact a 16-bit CRC would probably be adequate. On the other hand, there is
basically no cost and no disadvantage to switching to SHA-256, so why not
do it? That's why I think that this is a reasonable change.
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Ryan Moats <rmoats at us.ibm.com>
More information about the git