← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1288545] [NEW] Ensure digital signatures in Glance are a minimum of SHA2

 

Public bug reported:

It would be great to enhance Glance to use minimum of SHA2 to do digital
signature for FIPS compliance.

In FIPS(FEDERAL INFORMATION PROCESSING STANDARDS) says the SHA-1 is not
suitable for general-purpose digital signature applications (as
specified in FIPS 186-3) that require 112 bits of security. In the case
of digital signatures, SHA-1 does not provide the 112 bits of collision
resistance needed to achieve the security strength.

** Affects: glance
     Importance: Low
     Assignee: Fei Long Wang (flwang)
         Status: New

** Changed in: glance
   Importance: Undecided => Low

** Changed in: glance
     Assignee: (unassigned) => Fei Long Wang (flwang)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1288545

Title:
  Ensure digital signatures in Glance are a minimum of SHA2

Status in OpenStack Image Registry and Delivery Service (Glance):
  New

Bug description:
  It would be great to enhance Glance to use minimum of SHA2 to do
  digital signature for FIPS compliance.

  In FIPS(FEDERAL INFORMATION PROCESSING STANDARDS) says the SHA-1 is
  not suitable for general-purpose digital signature applications (as
  specified in FIPS 186-3) that require 112 bits of security. In the
  case of digital signatures, SHA-1 does not provide the 112 bits of
  collision resistance needed to achieve the security strength.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1288545/+subscriptions


Follow ups

References