
Use FIPS Compliant sha256 algorithm for hashing #13318

Closed
wants to merge 1 commit into from
dannyfreeman

Purpose

md5 and md4 (the webpack default) hashes are disabled on FIPS compliant systems.

Additionally, sha256 is less prone to collisions.

See issue #11214

Verification

I verified these changes by:

  1. Running npm install
  2. Running npm start
  3. Verifying that http://localhost:3000 loads the react template app.
  4. Modifying ./packages/cra-template/template/src/App.js and observing the changes made are reflected on http://localhost:3000.

Additionally, I ran npm run build before and after my changes were applied to see that the filenames under ./build/static/js reflect the changed hash algorithm.

Output of ls build/static/js after npm run build on commit 4170341

415.19472006.chunk.js  415.19472006.chunk.js.map  main.0b66650c.js  main.0b66650c.js.LICENSE.txt  main.0b66650c.js.map

Output of ls build/static/js after npm run build on commit 0a827f6

415.4a4b4c13.chunk.js  415.4a4b4c13.chunk.js.map  main.a5b8cfff.js  main.a5b8cfff.js.LICENSE.txt  main.a5b8cfff.js.map

Output of ls build/static/js after npm run build on commit 4170341 (again)

415.19472006.chunk.js  415.19472006.chunk.js.map  main.0b66650c.js  main.0b66650c.js.LICENSE.txt  main.0b66650c.js.map

@facebook-github-bot

Hi @dannyfreeman!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (e.g. your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at [email protected]. Thanks!

@dannyfreeman
Author

Sorry, I refuse to sign a CLA.
