yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1288545] Re: Ensure digital signatures in Glance are a minimum of SHA2

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 05 Feb 2015 21:56:28 -0000
Reply-to: Bug 1288545 <1288545@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: glance
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1288545

Title:
  Ensure digital signatures in Glance are a minimum of SHA2

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released

Bug description:
  It would be great to enhance Glance to use minimum of SHA2 to do
  digital signature for FIPS compliance.

  In FIPS(FEDERAL INFORMATION PROCESSING STANDARDS) says the SHA-1 is
  not suitable for general-purpose digital signature applications (as
  specified in FIPS 186-3) that require 112 bits of security. In the
  case of digital signatures, SHA-1 does not provide the 112 bits of
  collision resistance needed to achieve the security strength.

  NOTE: This fix may impact the upgrade.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1288545/+subscriptions

References

[Bug 1288545] [NEW] Ensure digital signatures in Glance are a minimum of SHA2
From: Fei Long Wang, 2014-03-06