Skip to content
This repository has been archived by the owner on Aug 25, 2024. It is now read-only.

util: crypto: Create secure_hash and insecure_hash functions #297

Closed
pdxjohnny opened this issue Jan 8, 2020 · 2 comments · Fixed by #1023
Closed

util: crypto: Create secure_hash and insecure_hash functions #297

pdxjohnny opened this issue Jan 8, 2020 · 2 comments · Fixed by #1023
Labels
enhancement New feature or request good first issue Good for newcomers p2 Medium Priority tS Esitmated Time To Complete: Short
Milestone
0.5.0 Beta Release

Comments

@pdxjohnny
Copy link
Member

Throughout the codebase we have calls to hashlib, usually md5, sha256, or sha384.

It would be good to have the calls to hashlib go through a helper function. So we can better track where hashes are being used for convenience (to shorten an otherwise long value), or where hashes are being used there might be a security consequnce to using the wrong hash.

Change to insecure_hash

  • md5 is currently only used in the dataflow visualization.
  • In the model saving and loading code (_filename and similar)

Use secure_hash

  • Everywhere in df/memory.py (until further notice)
  • Everywhere else
@pdxjohnny pdxjohnny added enhancement New feature or request p2 Medium Priority tS Esitmated Time To Complete: Short labels Jan 8, 2020
@pdxjohnny pdxjohnny added this to the 0.3.3 Alpha Release milestone Jan 8, 2020
@pdxjohnny pdxjohnny mentioned this issue Jan 8, 2020
Closed
@pdxjohnny pdxjohnny modified the milestones: 0.3.4 Alpha Release, 0.3.5 Feb 29, 2020
@pdxjohnny pdxjohnny added the good first issue Good for newcomers label Jul 29, 2020
@sanjibansg
Copy link
Contributor

I would like to work on this issue, will be grateful for guidance to approach this. @pdxjohnny

@sanjibansg sanjibansg mentioned this issue Mar 1, 2021
Merged
@sanjibansg
Copy link
Contributor

Initial PR made. Do review. @pdxjohnny

pdxjohnny pushed a commit to sanjibansg/dffml that referenced this issue Mar 25, 2021
@sanjibansg @pdxjohnny
util: crypto: Add secure/insecure_hash functions
9d03cfd 
Remove usages of hashlib throughout the codebase to make auditing
easier.

Fixes: intel#297
pdxjohnny pushed a commit that referenced this issue Mar 27, 2021
@sanjibansg @pdxjohnny
util: crypto: Add secure/insecure_hash functions
2174a51 
Remove usages of hashlib throughout the codebase to make auditing
easier.

Fixes: #297
pdxjohnny pushed a commit to pdxjohnny/dffml that referenced this issue Mar 11, 2022
@sanjibansg @pdxjohnny
util: crypto: Add secure/insecure_hash functions
c88dbe4 
Remove usages of hashlib throughout the codebase to make auditing
easier.

Fixes: intel#297
pdxjohnny pushed a commit that referenced this issue Mar 12, 2022
@sanjibansg @pdxjohnny
util: crypto: Add secure/insecure_hash functions
90d3e0a 
Remove usages of hashlib throughout the codebase to make auditing
easier.

Fixes: #297
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers p2 Medium Priority tS Esitmated Time To Complete: Short
Projects
None yet
Milestone
0.5.0 Beta Release
Development

Successfully merging a pull request may close this issue.

util: crypto: Create secure_hash and insecure_hash functions sanjibansg/dffml
2 participants
@pdxjohnny @sanjibansg