Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2
From | John Scalia |
---|---|
Subject | Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 |
Date | |
Msg-id | 0E0A011F-2A75-4134-979B-D697BFDE80C3@gmail.com |
In reply to | Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2 (Bruce Momjian <bruce@momjian.us>) |
List | pgsql-hackers |
FIPS only specifies which algorithms are approved for use on it. For instance, MD-5 is NOT approved at all under FIPS. I would say any algorithm should produce the same result regardless of where it is run. BTW, on Redhat servers, the first algorithm listed for use with SSH is MD-5. This causes the sshd daemon to abort when FIPS is enabled and that config file has not been edited. So, you can no longer connect with an SSH client as the daemon isn’t running. Ask me how I know this.

Sent from my iPad

> On Sep 25, 2020, at 3:39 PM, Bruce Momjian <bruce@momjian.us> wrote:
>
> On Fri, Sep 25, 2020 at 03:38:22PM -0400, John Scalia wrote:
>> Bruce,
>>
>> In my experience, any client is permitted to connect to FIPS140-2 compliant server. I set this up when I worked at SSA, at management’s request.
>
> My question is whether the hash output would match if using different
> code.
>
> --
> Bruce Momjian <bruce@momjian.us> https://momjian.us
> EnterpriseDB https://enterprisedb.com
>
> The usefulness of a cup is in its emptiness, Bruce Lee