dwave-cloud-client icon indicating copy to clipboard operation
dwave-cloud-client copied to clipboard
verified publisher icon dwavesystems

hashlib.md5 doesn't work when FIPS is enabled

Open 29rou opened this issue 3 years ago • 4 comments

In Python >= 3.9, it should be rewritten as follows.

hashlib.md5(usedforsecurity=False)

https://github.com/dwavesystems/dwave-cloud-client/blob/442211d5279e9e6a96dc42175549caef66844970/dwave/cloud/client/base.py#L1832-L1834 Please refer to those page. http://blog.serindu.com/2019/11/12/django-in-fips-mode/ https://code.djangoproject.com/ticket/28401

29rou avatar Aug 04 '22 12:08 29rou

Hi, @29rou! Thanks for bringing our attention to this issue.

My understanding is this is an actual issue only on a "FIPS-compilant" system with a non-standard Python build. Is that correct?

Well, regardless of that, we do plan to stop using md5/checksum for problem chunk upload anyway. Can't comment on the timeline, but that should close this issue automatically.

randomir avatar Aug 04 '22 17:08 randomir

Yes, that is the correct perception. This problem is solved by eliminating md5/checksum, so I think it is ok. But until then, could a monkey patch be the solution on our environment?

29rou avatar Aug 04 '22 21:08 29rou

Sure, feel free to monkey-patch it locally. I'm just reluctant to make that change in the cloud-client.

randomir avatar Aug 04 '22 21:08 randomir

Thank you very much. I will patch it to my local environment and use it until a revised release is available.

29rou avatar Aug 04 '22 21:08 29rou