Red Hat Bugzilla – Bug 977702
python-paste failures in fips mode
Last modified: 2014-06-17 08:48:01 EDT
python-paste code can fail in few places in fips code due to usage of md5:
- paste/auth/auth_tkt.py - confirming digest of auth ticket - imho this is ok to fail, since md5 is not entirely secure for this purpose
- paste/auth/digest.py - used for authentication purposes - again, seems to be ok to fail, since md5 shouldn't be used for secure authentication
- /paste/session.py - generating session id - again, this seems to be ok to fail, since generating session id should be super secure
As per the original bug report, the mentioned functions should be failing in FIPS mode, so I'm closing this bug as wontfix.