[EXTERNAL] MD5 and FIPS

Sands, Daniel dnsands at sandia.gov
Thu Feb 2 18:36:07 UTC 2023


What does the FIPS certificate security policy say in regards to the use of algorithms such as MD5?   If you look at the FIPS Security Policy for BoringCrypto (cert# 4407) Section 9.2 for example, it specifically states that MD5 is allowed for TLS 1.0 and 1.1 although non-approved for FIPS 140-2.  Additionally, I find it extremely interesting that the table directly below that, in Section 9.3, states MD5 is non-Approved and if you do use it you are in "non-Approved mode".  There is no FIPS enforcement by the module.  This puts the responsibility on the application developer.  The crypto module doesn't claim to have knowledge of the use of the algorithm.

As noted, yeah the final answer may be subjective, and may depend on who reviews it and what mood the reviewer is in at the time.  I would note that again the context above is MD5 in a cryptographic context, same in the AWS context also.  Our application is non-cryptographic, the exact same use as CRC32, Adler, etc.  (which we also offer as choices for file checksums).  So I'm fairly confident that this use would be left out of scope, but I also know that Kafka's legacy still lives.  If anything, this may be a cautionary tale about using cryptographically-intended algorithms for file checksums.

I do appreciate that OpenSSL 3 stepped back out of the enforcement game though.
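The "application's responsibility" point above, shown in code: an added example (not from the original post or any project it mentions) in which MD5 is offered as a file checksum alongside CRC32 and Adler-32, and the application itself declares the MD5 use as non-security via hashlib's usedforsecurity=False (Python 3.9+), which is what a FIPS-restricted build looks at; the sample data and the function names are constructed for the example.

```python
import hashlib
import zlib

# Constructed sample input standing in for a file's contents.
SAMPLE = b"abc"


def md5_checksum(data: bytes) -> str:
    """MD5 as a plain file checksum, explicitly declared as non-security use.

    usedforsecurity=False tells a FIPS-restricted hashlib/OpenSSL build that
    this digest is an integrity check, not a cryptographic operation; the
    module itself cannot know that, so the application has to say so.
    Older Pythons lack the keyword, so fall back to the plain constructor.
    """
    try:
        h = hashlib.md5(usedforsecurity=False)
    except TypeError:  # Python < 3.9: keyword not supported
        h = hashlib.md5()
    h.update(data)
    return h.hexdigest()


def file_checksum(data: bytes, algo: str) -> str:
    """Dispatch over the checksum choices the post mentions.

    CRC32 and Adler-32 are returned as 8 hex digits, MD5 as 32; the mask
    keeps the zlib results unsigned so the formatting is stable.
    """
    if algo == "crc32":
        return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    if algo == "adler32":
        return f"{zlib.adler32(data) & 0xFFFFFFFF:08x}"
    if algo == "md5":
        return md5_checksum(data)
    raise ValueError(f"unsupported checksum algorithm: {algo}")


if __name__ == "__main__":
    for name in ("crc32", "adler32", "md5"):
        print(name, file_checksum(SAMPLE, name))
```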


