maria-discuss team mailing list archive
-
maria-discuss team
-
Mailing list archive
-
Message #05541
Re: mariadb + FIPS
-
To:
maria-discuss@xxxxxxxxxxxxxxxxxxx
-
From:
Reindl Harald <h.reindl@xxxxxxxxxxxxx>
-
Date:
Fri, 30 Aug 2019 00:33:35 +0200
-
In-reply-to:
<CAB=W+omMSV_2gpCEWQnZSxG8WXADi01iX8V2cP5XDtEe=20JHw@mail.gmail.com>
-
Openpgp:
id=9D2B46CDBC140A36753AE4D733174D5A5892B7B8; url=https://arrakis-tls.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt
-
Organization:
the lounge interactive design
-
User-agent:
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
Am 30.08.19 um 00:10 schrieb Captain Wiggum:
> I have searched the archives and forums and cannot find an answer to
> this question.
> Does mariadb support FIPS, and if so, how or where is a document about this.
> I use mariadb 10.3.17 with OpenSSL 1.0.2 with FIPS enabled, all built
> from source.
> In FIPS mode, SHA1 is disallowed by openssl, as required by FIPS.
> However, when I search the mariadb code, SHA1 is used in many places.
> How can I update mariadb to use sha256, without a ton of recoding?
> Any tips appreciated.
outside of encryption code nothing is wrong with SHA1 depending on the
usecase and without context "SHA1 is used in many place" is a useless
statement
there are even usecases where MD4 is just fine
againb: not every usage of a hash function is security related or
collisions prone and in that case it would be pretty dumb use a much
slower sha256 hash
Follow ups
References
