Stephen John Smoogen <smooge(a)gmail.com> writes:
> On Mon, 8 Nov 2021 at 04:32, Michael Schroeder <mls(a)suse.de>
> wrote:
> >
> > On Sat, Nov 06, 2021 at 07:43:02AM -0000, Daniel Alley wrote:
> > > Another issue - which is not per se a security issue but it's still a
> > > problem - is that deltarpm uses md5 checksums pervasively. They're everywhere. And
> > > it uses its own implementation of md5 which doesn't respect FIPS, so even when the
> > > user has *explicitly* configured their system to not use md5 for anything
> > > security-relevant, libdeltarpm won't know or care.
> >
> > They are used as a consistency check, it might as well use crc32.
> > So I don't see why FIPS is a concern for you.
> >
> In order to get the overall system to be FIPS (and equivalent EU/RU/CN
> ones) certified all the implementations of various functions have to
> be audited and reviewed. Some must be able to be turned off no matter
> what. It doesn't matter if 99 of the 100 versions of md5sum are only
> for consistency, they must be able to be turned off/not used and not
> affect the system.
I don't think that's quite accurate. If the crypto primitive isn't
being used for security, then FIPS isn't interested - FIPS is only
certifying the cryptography used, and this isn't it. (It's non-FIPS
relevant.)
This leads to a very common workaround for legacy cryptosystems of
tunneling the "bad" crypto in something else: one example is interacting
with RC4 and NTLM, where they're still used but over a tunnel (TLS, VPN,
etc.) that doesn't expose them.
Be well,
--Robbie
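The distinction the thread argues about (MD5 as a consistency check versus MD5 as a security primitive) is something a library can express to the platform's crypto policy instead of shipping a private MD5 that the policy cannot see. Added illustration, not deltarpm's code and not from anyone on this thread; it assumes Python 3.9 or newer for hashlib's `usedforsecurity` keyword, and the fallback to CRC32 follows Michael's remark that a consistency check "might as well use crc32".

```python
"""Consistency checks kept out of the FIPS-validated crypto path (added example)."""
import hashlib
import hmac
import zlib


def consistency_md5(data: bytes) -> str:
    """MD5 used purely as a consistency check.

    usedforsecurity=False tells a FIPS-enforcing OpenSSL provider that this
    digest is not used for a security purpose, so it can be permitted even
    when MD5 is otherwise disabled. A private, self-contained MD5 (as the
    thread describes for libdeltarpm) offers the policy no such hook.
    """
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def consistency_crc32(data: bytes) -> str:
    """Non-cryptographic checksum with no FIPS implications at all."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def consistency_digest(data: bytes) -> tuple[str, str]:
    """Return (algorithm, digest), degrading to CRC32 if MD5 is refused.

    A strict crypto policy may still reject MD5 (hashlib raises ValueError);
    in that case use CRC32 rather than bypassing the policy with a local MD5.
    """
    try:
        return "md5", consistency_md5(data)
    except ValueError:
        return "crc32", consistency_crc32(data)


def verify_consistency(data: bytes, algorithm: str, expected: str) -> bool:
    """Recompute the checksum for `data` and compare it with `expected`."""
    if algorithm == "md5":
        actual = consistency_md5(data)
    elif algorithm == "crc32":
        actual = consistency_crc32(data)
    else:
        raise ValueError(f"unknown consistency algorithm: {algorithm}")
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample payload standing in for a reconstructed RPM chunk.
    payload = b"constructed deltarpm payload chunk"
    algo, digest = consistency_digest(payload)
    print(algo, digest, verify_consistency(payload, algo, digest))
```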