Gravatar icons require us to calculate MD5 hashes, which is incompatible with FIPS
As requested by customer:
Our servers have to be FIPS compliant (FIPS does not allow MD5 hashes) ... ultimately AES256-SHA
It looks like we use the digest/md5 library in 2 places:
$ ag digest/md5
app/helpers/application_helper.rb
1:require 'digest/md5'
app/models/key.rb
1:require 'digest/md5'
According to the customer MD5 is not FIPS compliant. Are we able to use another hashing algorithm instead? Or make it a configurable option?
The second case is tracked in https://gitlab.com/gitlab-org/gitlab-ce/issues/20502 - this issue tracks the first case.
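One way the avatar helper could make the digest configurable, as an added illustration and not GitLab's own code: the algorithm is a deployment setting, MD5 stays the default for ordinary installs, and a FIPS-mode host (detected through OpenSSL's own flag) refuses MD5 instead of silently producing a hash that OpenSSL's FIPS provider would reject anyway. The `AvatarHash` module, the `fips:` keyword and the assumption that SHA-256 is an acceptable non-MD5 digest for the avatar lookup are all hypothetical choices of this example.

```ruby
require 'openssl'

# Hypothetical helper (not GitLab's own code): derive the Gravatar avatar
# identifier from an e-mail address with a configurable digest so that a
# FIPS-mode deployment can avoid MD5 entirely.
module AvatarHash
  # Digests a deployment may select. MD5 is what Gravatar has historically
  # used; SHA-256 is assumed here to be the non-MD5 alternative.
  SUPPORTED = %w[md5 sha256].freeze

  # True when the Ruby OpenSSL binding reports that FIPS mode is enabled.
  def self.fips_enabled?
    OpenSSL.fips_mode
  end

  # Gravatar normalises the address (trim whitespace, lower-case) before
  # hashing; the same normalisation is applied for every algorithm so a
  # digest change does not alter which address is looked up.
  def self.normalize(email)
    email.to_s.strip.downcase
  end

  # Hex digest of the normalised address. Raises instead of hashing when the
  # selected algorithm is MD5 and the host is in FIPS mode.
  def self.hexdigest(email, algorithm: 'md5', fips: fips_enabled?)
    algorithm = algorithm.to_s.downcase
    raise ArgumentError, "unsupported digest: #{algorithm}" unless SUPPORTED.include?(algorithm)
    if fips && algorithm == 'md5'
      raise ArgumentError, 'MD5 is not permitted under FIPS mode; configure a SHA-2 digest'
    end

    OpenSSL::Digest.new(algorithm).hexdigest(normalize(email))
  end

  # Full avatar URL; size and fallback style mirror the usual Gravatar query.
  def self.gravatar_url(email, size: 80, algorithm: 'md5', fips: fips_enabled?)
    hash = hexdigest(email, algorithm: algorithm, fips: fips)
    "https://www.gravatar.com/avatar/#{hash}?s=#{size}&d=identicon"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample address; the MD5 value is the one Gravatar documents.
  puts AvatarHash.gravatar_url('MyEmailAddress@example.com ', fips: false)
  puts AvatarHash.gravatar_url('MyEmailAddress@example.com ', algorithm: 'sha256')
end
```

Passing `fips:` explicitly is what makes the refusal testable outside a FIPS host; in the application the default reads the real OpenSSL flag, so an operator who leaves the setting at `md5` on a FIPS build gets a clear error at avatar render time rather than an obscure OpenSSL failure.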
What is it?
- FIPS compliant cryptography hashing
Why should someone use this feature?
- Because they are required to meet compliance in order to use GitLab
What is the underlying (business) problem?
- Due to company policy, customer cannot use MD5 hashes.
Who uses this feature?
- Customers who are required to maintain FIPS compliance.