Gravatar icons require us to calculate MD5 SHAs, which is incompatible with FIPS
Description
As requested by by customer:
Our servers have to be FIPS compliance(FIPS does not allow MD5 hashes) ... ultimately AES256-SHA
Proposal
It looks like we use the digest/md5
library in 2 places:
$ ag digest/md5
app/helpers/application_helper.rb
1:require 'digest/md5'
app/models/key.rb
1:require 'digest/md5'
According to the customer MD5 is not FIPS compliant. Are we able to use another hashing algorithm instead? Or make it a configurable option?
The second case is tracked in https://gitlab.com/gitlab-org/gitlab-ce/issues/20502 - this issue tracks thefirst case
This admin panel already supports this setting
Links / references
https://gitlab.zendesk.com/agent/tickets/82412
Overview
What is it?
- FIPS compliant cryptography hashing
Why should someone use this feature?
- Because they are required to meet compliance in order to use GitLab
What is the underlying (business) problem?
- Due to company policy, customer cannot use MD5 hashes.
Use cases
Customers who are required to maintain FIPS compliancy.
Feature checklist
Make sure these are completed before closing the issue, with a link to the relevant commit.
-
Feature assurance -
Documentation -
Added to features.yml