Re: SHA-1 FIPS - compliance
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Filip Janus <fjanus@redhat.com>
Cc: pgsql-hackers@postgresql.org
Date: 2021-07-08T13:58:35Z
Lists: pgsql-hackers
On Thu, Jul 8, 2021 at 02:33:33PM +0200, Filip Janus wrote: > Hi all, > I am a new maintainer of PostgreSQL in Fedora and RHEL. Currently, I am solving > usage SHA-1 for key-derivation in pgcrypto (the s2k-digest-algo). In the > documentation, I have found that there are options SHA-1 or MD5. Unfortunately, > none of these algorithms are FIPS compliant. So I would like to ask if exists a > possibility to add or enable support for some type of stronger hash algorithm? I don't know of any official way to disable them, but I do know that PG 14 will use a different set of algorithms that are more FIPS-compliant because we rely more on the OpenSSL for its implementation (or blockage). -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com If only the physical world exists, free will is an illusion.