Comments (3)
Thanks for pointing out the existence of this flag in the standard lib - I didn't realize it was added back in 2020 ...
Still, I am not convinced and will not implement the proposal, because I don't agree it is a good idea in the first place.
- It was not introduced in `hashlib` for security reasons (e.g., to combat misuse) but to make compliance with FIPS easier, and especially because of OpenSSL FIPS. This is described fully in the old GH issue that proposed the flag. Simply put, it is a way to demonstrate to an auditor that the Python program will not use non-FIPS hashes for security purposes (after having somehow convinced the auditor that the developer set the flag in the right way at each place, which is dubious... - and I wonder how your Detector establishes that? Does it simply trust the flag?).
- It is simply ugly and a bad pattern. FIPS doesn't cover only hashes, so by the same token that flag needs to be added to every single security algorithm (ciphers, MACs, etc). API calls will become much more verbose, for little value.
from pycryptodome.
Thanks for your prompt response. As you mentioned:
- The reason for setting the standard library as official due to FIPS, but this indeed serves as a good flag for auditor personnel to check whether it is in a secure context. The PyCryptodome documentation also posts warnings about the historic deprecated hash algorithms like MD5 and SHA1, advising users against their use. To effectively promote this warning, I believe it can be achieved through this keyword-only argument.
- 'It is a way to demonstrate to an auditor that the Python program will not use non-FIPS hashes for security purposes.' However, due to the principle of minimum security, the default value of this parameter is True, implying that users are presumed to use it in a security context by default. It doesn't require developers to explicitly set the flag at each place. This flag is introduced just for more standardized use of hash functions.
- Regarding the principle behind our detector's implementation, which is aimed at detecting the use of insecure hash functions, it is based on matching the AST call node name pattern of insecure APIs. Additionally, for the hashlib library, we also match this parameter. In our detection results, about 2.5% of developers explicitly set this parameter to False.
from pycryptodome.
- I don't see it as "a good flag for auditor personnel" though. It is a flag that was added to 1 library, for a different purpose than yours, arguably not on the best technical grounds, and which is inflexible and with limited semantic value. Since you are effectively building a static analysis tool (like Coverity for instance), I would recommend you rather use common practices for such a class of tools, such as having users add comments to flag a false positive (like in this case).
- You still assume that developers make the right decisions in setting this flag, and that the correct value is static, whereas it could depend on how the code is reached and with which data.
- The fact remains that the API is polluted for 100% of developers.
from pycryptodome.
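An added example, not code from the thread or from either project: a minimal AST check of the kind the second comment describes, reporting how each `hashlib` MD5/SHA-1 call sets the standard library's `usedforsecurity` keyword, and also honoring a suppression comment as the last reply recommends. The marker text `# weak-hash: ok`, the status labels and all function names are assumptions, and the sample source is constructed.

```python
import ast

WEAK = {"md5", "sha1"}        # legacy hashes named in the thread
MARKER = "# weak-hash: ok"    # hypothetical suppression comment

# Constructed sample input, one call style per line.
SAMPLE = '''\
import hashlib
a = hashlib.md5(data)
b = hashlib.sha1(data, usedforsecurity=False)
c = hashlib.new("md5", data, usedforsecurity=is_secret)
d = hashlib.md5(data)  # weak-hash: ok
e = hashlib.sha256(data)
'''

def _weak_name(call):
    """Return 'md5'/'sha1' for hashlib.md5(...) or hashlib.new('md5', ...)."""
    f = call.func
    if not (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
            and f.value.id == "hashlib"):
        return None
    if f.attr in WEAK:
        return f.attr
    if f.attr == "new" and call.args and isinstance(call.args[0], ast.Constant):
        algo = str(call.args[0].value).lower()
        return algo if algo in WEAK else None
    return None

def classify(call, line_text):
    """Decide how a weak-hash call should be reported."""
    for kw in call.keywords:
        if kw.arg == "usedforsecurity":
            if isinstance(kw.value, ast.Constant):
                return "flagged" if kw.value.value else "declared-non-security"
            return "dynamic"  # value only known at run time; needs human review
    # Plain substring match: a marker inside a string literal also counts.
    return "suppressed-by-comment" if MARKER in line_text else "flagged"

def find_weak_hash_calls(source):
    """Return sorted (lineno, algorithm, status) tuples for weak-hash calls."""
    lines = source.splitlines()
    out = []
    for node in ast.walk(ast.parse(source)):
        name = _weak_name(node) if isinstance(node, ast.Call) else None
        if name:
            out.append((node.lineno, name, classify(node, lines[node.lineno - 1])))
    return sorted(out)

if __name__ == "__main__":
    for finding in find_weak_hash_calls(SAMPLE):
        print(finding)
```

The `dynamic` status covers the case raised in the last reply, where the correct value is not static; a `declared-non-security` result still rests on trusting the developer's flag.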