4

I generate md5 content hashes for upload verification, but it has recently come to my attention that this will fail for any users running on a FIPS enabled machine. FIPS disables openssl md5, resulting in a ValueError when I try to initialize hashlib. Normally I would use SHA instead, but I'm relying on an external service which requires a content-md5 header.

My question is this: Is there any way to force Python to use a non-openssl hashing function? There was some talk here about adding a usedforsecurity flag, but it doesn't seem to have gone anywhere.

Jordon Phillips
  • Several years on - Python 3.9+ includes `usedforsecurity` as noted in the link to issue 9216. You still should read & understand the accepted answer so you do not use md5 unless you know what you're doing and why you're doing it. – Dan Oct 06 '21 at 00:16

2 Answers

5

Flag usedforsecurity=False is available only on some of the distributions as it is not part of the upstream. You can find it in Red Hat Enterprise Linux and derivatives (CentOS, Scientific Linux, Oracle Unbreakable Linux, ...).

You are free to use md5 (and other cryptographically dangerous hashes) only for non-crypto stuff, e.g. using it for caching results.

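```python
import hashlib

# data_to_hash must be bytes; the flag marks this as a non-security use of MD5
md5 = hashlib.new('md5', usedforsecurity=False)
md5.update(data_to_hash)
hex_digest = md5.hexdigest()
```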

Marek Grác
3

The answer to "how can I send a content-md5 header from a FIPS mode machine" is you don't use non-FIPS validated algorithms when FIPS mode is enabled as you would likely be violating federal regulations or organizational policy by doing so, since the only significant reason to FIPS enable a machine is if there is a regulatory (or perhaps preventive policy) requirement to do so.

There is some discussion in this github issues list as well, suggesting that content-md5 must be optional.

Given that regulatory requirement, you CANNOT use MD5, since it is not a FIPS compliant algorithm, and therefore CANNOT have a FIPS validated(!) implementation.

You need to do one of the following:

  • get that service to not require the content-md5 header

  • use a different service

  • use a different originating machine which is not required to be in FIPS mode

If your management needs a reference, see Annex A Approved Security Functions for FIPS PUB 140-2, straight from nist.gov.

Anti-weakpasswords
  • I read somewhere that md5 was allowed when the origin was the FIPS machine, but it shouldn't be used for verification of hashes from other sources. I can't find a credible source for that, however, so I'll have to assume it's hogwash. Thanks for the confirm! – Jordon Phillips Feb 24 '16 at 04:19
  • Happy to help. I added a link to Annex A in case your management needs a kick from compliance. – Anti-weakpasswords Feb 24 '16 at 04:27
  • 1
    @JordonPhillips you are right. It is possible to use md5sum for non-crypto tasks e.g. caching. – Marek Grác Jun 09 '17 at 15:55
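The `usedforsecurity` flag discussed in the first answer and in the Python 3.9+ comment, combined with the second answer's point that the header may have to be optional, as an added example that is not code from any of the posters. The helper names (`_new_md5`, `content_md5`, `upload_headers`), the `factory` parameter and the `Content-Type` value are assumptions made for illustration; the base64 encoding of the digest follows RFC 1864.

```python
import base64
import hashlib


def _new_md5(factory=hashlib.md5):
    """Return an MD5 object flagged as non-security use, or None if blocked."""
    try:
        # Python 3.9+ (and some patched distro builds) accept this keyword.
        return factory(usedforsecurity=False)
    except TypeError:
        pass  # this build does not know the keyword; try the plain constructor
    except ValueError:
        return None  # keyword understood, but the digest is still disabled
    try:
        return factory()
    except ValueError:
        return None  # e.g. OpenSSL in FIPS mode refusing MD5


def content_md5(chunks, factory=hashlib.md5):
    """Base64 Content-MD5 value (RFC 1864) for an iterable of bytes chunks.

    Returns None when MD5 cannot be initialised, so the caller can omit the
    header or fail the upload according to local policy.
    """
    md5 = _new_md5(factory)
    if md5 is None:
        return None
    for chunk in chunks:
        md5.update(chunk)
    return base64.b64encode(md5.digest()).decode("ascii")


def upload_headers(body_chunks, factory=hashlib.md5):
    """Build upload headers (hypothetical helper); skip Content-MD5 if blocked."""
    headers = {"Content-Type": "application/octet-stream"}
    value = content_md5(body_chunks, factory)
    if value is not None:
        headers["Content-MD5"] = value
    return headers
```

Returning `None` instead of raising keeps the decision about a blocked digest (omit the header, or refuse the upload) in one place in the calling code.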