Not FIPS compliant - Githubissues

sjdirect / abot

Cross Platform C# web crawler framework built for speed and flexibility. Please star this project! +1.

Apache License 2.0

2.25k stars 559 forks source link

Not FIPS compliant #184

Closed lansdon2 closed 5 years ago

lansdon2 commented 6 years ago

The current implementation of CompactCrawledUrlRepository uses Md5 as your hashing algorithm. This is not a FIPS compliant algorithm and can cause applications not to work on high security networks. Converting to SHA1 is trivial and would make it FIPS compliant.

Here's the code to fix it: // CURRENT HASH FUNCTION //protected byte[] ToMd5Bytes(string p_String) //{ // using (MD5 md5 = MD5.Create()) // { // return md5.ComputeHash(Encoding.Default.GetBytes(p_String)); // } //}

   // SHA1 HASH FUNCTION
    protected byte[] ToSha1Bytes(string p_String)
    {
        using (var sha1 = SHA1.Create())
        {
            return sha1.ComputeHash(Encoding.Default.GetBytes(p_String));
        }
    }

sjdirect commented 6 years ago

same as issue #156

sjdirect commented 5 years ago

I took your suggestion with the big v2 changes that are now available in nuget. Let me know if you have anymore fips issues.

lansdon2 commented 5 years ago

Sounds good! We'll check it out.

Thanks, Lansdon

On Sun, Sep 1, 2019 at 9:55 PM Steven notifications@github.com wrote:

I took your suggestion with the big v2 changes that are now available in nuget. Let me know if you have anymore fips issues.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/sjdirect/abot/issues/184?email_source=notifications&email_token=AI474KFO235HRK77WYEVOETQHSMEDA5CNFSM4E3QWGL2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5UWM3Q#issuecomment-527001198, or mute the thread https://github.com/notifications/unsubscribe-auth/AI474KBPWMLV6ED7N25DX53QHSMEDANCNFSM4E3QWGLQ .