[TT-2000] - Default hash algorithm to SHA256 for FIPS compliance #3204

Closed
mcandre opened this issue Jul 10, 2020 · 3 comments

mcandre commented Jul 10, 2020

https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

Member

buger commented Jul 11, 2020

Hi! Can you add a bit more context to it?
With Tyk, the default algorithm is the fast murmur64, but optionally you can set sha256, so if you need to pass verification it should be enough.

Am I missing anything?

Author

mcandre commented Jul 27, 2020

My performance tests don't show much of a measurable time difference between them. And murmur32, the default configuration value, has a nasty habit of implicitly truncating hashes when validating, which can be hazardous.

@vverbani vverbani changed the title Default hash algorithm to SHA256 for FIPS compliance [TT-2000] - Default hash algorithm to SHA256 for FIPS compliance Mar 26, 2021
@andyo-tyk
Contributor

Closing this ticket, as FIPS compliance is being actively discussed in #4559
