有什么方法可以将非openssl md5用于python中的hashlib吗? [英] Is there any way to use non-openssl md5 for hashlib in python?
问题描述
我生成了md5内容散列以进行上传验证,但是最近引起我注意的是,对于在启用了FIPS的计算机上运行的所有用户,此操作都将失败.当我尝试初始化hashlib时,FIPS禁用openssl md5,结果为ValueError
.通常我会改用SHA,但是我依赖于需要content-md5标头的外部服务.
I generate md5 content hashes for upload verification, but it has recently come to my attention that this will fail for any users running on a FIPS enabled machine. FIPS disables openssl md5, resulting in a ValueError
when I try to initialize hashlib. Normally I would use SHA instead, but I'm relying on an external service which requires a content-md5 header.
我的问题是:有什么方法可以强制Python使用非openssl哈希函数? 此处关于添加usedforsecurity
标志的讨论,但似乎并没有解决
My question is this: Is there any way to force Python to use a non-openssl hashing function? There was some talk here about adding a usedforsecurity
flag, but it doesn't seem to have gone anywhere.
推荐答案
如何从FIPS模式计算机发送content-md5标头"的答案是您不使用未经FIPS验证的算法启用FIPS模式,因为这样做可能会违反联邦法规或组织政策,因为FIPS启用计算机的唯一重要原因是是否存在监管(或预防政策)要求
The answer to "how can I send a content-md5 header from a FIPS mode machine" is you don't use non-FIPS validated algorithms when FIPS mode is enabled as you would likely be violating federal regulations or organizational policy by doing so, since the only significant reason to FIPS enable a machine is if there is a regulatory (or perhaps preventive policy) requirement to do so.
在此github问题列表中也进行了一些讨论,这表明content-md5必须是可选的.
There is some discussion in this github issues list as well, suggesting that content-md5 must be optional.
鉴于法规要求,您不能使用MD5,因为它不是FIPS兼容算法,因此不能具有FIPS经过验证的(!)实现.
Give that regulatory requirement, you CANNOT use MD5, since it is not a FIPS compliant algorithm, and therefore CANNOT have a FIPS validated(!) implementation.
您需要执行以下一项操作:
You need to do one of the following:
-
使该服务不需要content-md5标头
get that service to not require the content-md5 header
使用其他服务
使用不需要处于FIPS模式的其他原始计算机
use a different originating machine which is not required to be in FIPS mode
如果您的管理层需要参考,请参见附录A批准的安全功能FIPS PUB 140-2 ,直接来自nist.gov.
If your management needs a reference, see Annex A Approved Security Functions for FIPS PUB 140-2, straight from nist.gov.
这篇关于有什么方法可以将非openssl md5用于python中的hashlib吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!