MD5 to AES256 SHA to meet FIPS compliance

---

Description

As requested by by customer:

Our servers have to be FIPS compliance(FIPS does not allow MD5 hashes) ... ultimately AES256-SHA

Proposal

It looks like we use the digest/md5 library in 2 places:

$ ag digest/md5
app/helpers/application_helper.rb
1:require 'digest/md5'

app/models/key.rb
1:require 'digest/md5'

According to the customer MD5 is not FIPS compliant. Are we able to use another hashing algorithm instead? Or make it a configurable option?

Links / references

https://gitlab.zendesk.com/agent/tickets/82412

Overview

What is it?

• FIPS compliant cryptography hashing

Why should someone use this feature?

• Because they are required to meet compliance in order to use GitLab

What is the underlying (business) problem?

• Due to company policy, customer cannot use MD5 hashes.

Use cases

Customers who are required to maintain FIPS compliancy.

Feature checklist

Make sure these are completed before closing the issue, with a link to the relevant commit.

• Feature assurance
• Documentation
• Added to features.yml