Use SHA256 instead of MD5 in randio()

- Supports Redhat/FIPS compliance - Closes Issue #626 - Resolve Pull #627
2026-02-06 13:56:49 +00:00 · 2022-07-03 00:40:12 -05:00 · 2022-07-03 00:40:12 -05:00 · ad21926efd
commit ad21926efd
parent 2a5edfaebb
3 changed files with 8 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -17,7 +17,8 @@ Features:

 Refactoring:

- None
+- `[utils.misc]` Use SHA256 instead of MD5 in `randio()` to support Redhap/FIPS compliance. Limit to 32 characters for backward compatibility.
+    - [Issue #626](https://github.com/datafolklabs/cement/issues/626)


 Misc:
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@ -18,3 +18,4 @@ documentation, or testing:
 - Adam Hodges (ajhodges)
 - Stelios Tymvios (namedLambda)
 - Spyros Vlachos (devspyrosv)
+- Joe Roberts (jjroberts)
--- a/cement/utils/misc.py
+++ b/cement/utils/misc.py
@ -10,7 +10,7 @@ from random import random

 def rando(salt=None):
    """
-    Generate a random MD5 hash for whatever purpose.  Useful for testing
+    Generate a random hash for whatever purpose.  Useful for testing
    or any other time that something random is required.

    Args:
@ -18,7 +18,7 @@ def rando(salt=None):
            is used.

    Returns:
-        str: Random MD5 hash
+        str: Random hash

    Example:

@ -33,7 +33,9 @@ def rando(salt=None):
    if salt is None:
        salt = random()

-    return hashlib.md5(str(salt).encode()).hexdigest()
+    # issue-626: Use sha256 for compatibility with Redhat/FIPS restricted
+    # policies. Return only 32 chars for backward compat with previous md5
+    return hashlib.sha256(str(salt).encode()).hexdigest()[:32]


 class MinimalLogger(object):