| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Filip Janus <fjanus(at)redhat(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SHA-1 FIPS - compliance |
| Date: | 2021-07-08 13:58:35 |
| Message-ID: | 20210708135835.GC11707@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jul 8, 2021 at 02:33:33PM +0200, Filip Janus wrote:
> Hi all,
> I am a new maintainer of PostgreSQL in Fedora and RHEL. Currently, I am solving
> usage SHA-1 for key-derivation in pgcrypto (the s2k-digest-algo). In the
> documentation, I have found that there are options SHA-1 or MD5. Unfortunately,
> none of these algorithms are FIPS compliant. So I would like to ask if exists a
> possibility to add or enable support for some type of stronger hash algorithm?
I don't know of any official way to disable them, but I do know that PG
14 will use a different set of algorithms that are more FIPS-compliant
because we rely more on the OpenSSL for its implementation (or
blockage).
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | gkokolatos | 2021-07-08 14:18:40 | Re: Teach pg_receivewal to use lz4 compression |
| Previous Message | Alvaro Herrera | 2021-07-08 13:57:32 | Re: Pipeline mode and PQpipelineSync() |