Closed agelwarg closed 7 years ago
One option using a SHA256: https://github.com/agelwarg/mini_portile/commit/399fefc35f357157c1e19682755137c3a447cd61
Another option not using any digest: https://github.com/agelwarg/mini_portile/commit/f41e42e5b1e7b90ce21a83576df58ef89f9aef0b
It looks like an MD5 digest is used in
MiniPortile#configure
andMiniPortile#configured?
. It looks like security is not a concern given what it's used for. However, this will fail on an OS running in FIPS mode as MD5 is not an accepted digest algorithm. One option is to use a supported algorithm, such asDigest::SHA256
, but that may not even be necessary as you might even be okay to usecomputed_options.to_s
without hashing it. Thoughts?For reference, the failure can be demonstrated on a FIPS-enabled system as follows: