Issue
The parameter usedforsecurity was added to every hash function in hashlib in Python 3.9.
Changed in version 3.9: All hashlib constructors take a keyword-only argument usedforsecurity with default value True. A false value allows the use of insecure and blocked hashing algorithms in restricted environments. False indicates that the hashing algorithm is not used in a security context, e.g. as a non-cryptographic one-way compression function.
However, this provides zero guidance on
- When you should use usedforsecurity
- When you should not use usedforsecurity
- What "restricted environments" are
And while I'm not a security researcher, I darn well know md5 is not secure in any sense of the word. Consequently, the name usedforsecurity boggles my mind in more ways than one.
What is the point of usedforsecurity?
Solution
TL;DR For almost everyone, ignore the flag, it has no effect whatsoever.
The full story involves FIPS and how that gets exposed as a python API.
For our purposes, FIPS is a standard that supposedly specifies a safe set of practices. In certain scenarios (e.g. writing software for US government agencies), you are forced to comply with FIPS.
To comply with FIPS, your python would have had FIPS mode turned on by building python with FIPS enabled from source. This is the "restricted environment" mentioned in the documentation. If you have a standard python build, then you aren't complying with FIPS and the flag literally does nothing.
One aspect of FIPS is restricting the hash functions you are allowed to use. In particular, MD5 is not allowed under FIPS. When you use MD5 in a FIPS environment, you will encounter an error. That is what the introduction of usedforsecurity is supposed to fix: give you an escape hatch in the case that you truly want to use MD5 in a FIPS environment. The parameter is designed to be specified at each call site so it can be audited on a case-by-case basis.
There seems to be confusion on many sides that usedforsecurity has anything to do with security. It's not. Having it set to False
doesn't reduce your security. On FIPS enabled environments, it does however switch your implementation of the hash function to one that was explicitly certified.
In conclusion, for all intents and purposes, the parameter might as well have been called exceptionforfips because that's the singular purpose it serves: as an escape hatch if you happen to work under a FIPS environment and still need to use a FIPS non-compliant hash. It is quite unfortunate it is part of the API for all users with a seriously misleading name.
Answered By - Passer By
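The per-call-site convention the answer describes, as an added Python example that is not part of the question or answer above. It assumes that a FIPS-mode interpreter surfaces a blocked md5 construction as a ValueError (hashlib re-raises the underlying OpenSSL failure that way); on a standard build every call below simply succeeds.

```python
import hashlib

# Constructed sample input for the demonstration below.
SAMPLE = b"hello"


def content_fingerprint(data: bytes) -> str:
    """Non-security use: MD5 as a cheap key for caching/deduplication.

    usedforsecurity=False records at the call site that nothing relies on
    MD5 being collision resistant. On a normal CPython build the flag is a
    no-op; on a FIPS-mode build it is what lets md5 be constructed at all.
    """
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def security_digest(data: bytes) -> str:
    """Security-relevant use: leave the flag at its default (True) and pick
    an algorithm that is allowed everywhere, so FIPS mode never blocks it.
    """
    return hashlib.sha256(data).hexdigest()


def md5_without_flag(data: bytes) -> str:
    """What an unflagged md5 call does: the digest on a standard build, or
    the blocking error (assumed to be a ValueError) under FIPS mode.
    """
    try:
        return hashlib.md5(data).hexdigest()
    except ValueError as exc:
        return f"blocked: {exc}"


if __name__ == "__main__":
    print("fingerprint:", content_fingerprint(SAMPLE))
    print("sha256     :", security_digest(SAMPLE))
    print("bare md5   :", md5_without_flag(SAMPLE))
```

Auditing for stray security uses of MD5 then reduces to grepping for md5 calls that lack usedforsecurity=False, which is the point of making the flag a per-call-site argument.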