[reportlab-users] UC fips compliant

Satchell Julian JSSATCHELL at qinetiq.com
Tue Sep 21 11:46:37 EDT 2021

SHA-1 is no longer recommended, as collision attacks on it are well known. Minimum is something in the SHA2 family, depending on strength / length requirement.

Julian Satchell

From: reportlab-users <reportlab-users-bounces at lists2.reportlab.com> On Behalf Of Shea, Steven K
Sent: 21 September 2021 16:23
To: reportlab-users at lists2.reportlab.com
Subject: [reportlab-users] fips compliant

Report Lab is using mds to create hashes. Mds is not fips compatible. We had to change that code to use sha1. It's a simple change.

Steven Shea
Staff Software Engineer

This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it is 
addressed. If you are not the intended recipient of this email,
you must neither take any action based upon its contents, nor 
copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. QinetiQ retains 
personal data relating to our customers and partners for the 
purposes of conducting a business relationship, communicating
and marketing to them as well as to providing invitations to 
upcoming events.  
Please see our Privacy Notice ( https://www.qinetiq.com/Privacy-Policy )
for further information.  In accordance with our Privacy Notice, you
have the right to withdraw your consent at any time. QinetiQ may 
monitor email traffic data and also the content of email for 
the purposes of security. QinetiQ Limited (Registered in England
& Wales: Company Number: 3796233) Registered office: Cody Technology 
Park, Ively Road, Farnborough, Hampshire, GU14 0LX  https://www.qinetiq.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist2.pair.net/pipermail/reportlab-users/attachments/20210921/88eea835/attachment.htm>

More information about the reportlab-users mailing list