AFAIK we are not using any self-developed cryptography, just regular Ruby and
Rails algorithms like md5, sha, X509, UNIX crypt,
ActiveSupport::MessageEncryptor and stuff like that.
If you are going to do a security audit, please share your results. Keep in
mind that if you find a security bug, use the foreman-security@ email for
communication (more on this at Foreman :: Security).
LZ
On Tue, Nov 29, 2016 at 12:10 PM, 'Aditya Gupta' via foreman-dev <foreman-dev@googlegroups.com> wrote:
Hello All,
We are planning to use foreman for deployment and we need to answer the below
question to classify whether we can use it or not:
Does it contain any kind of encryption/decryption functionality besides
a. Authentication
b. Hashing
If it contains such an encryption functionality, …
Is it based on a publicly available algorithm/library or is it a
self-developed algorithm
What is the name of the encryption library or algorithm
i. Is it symmetric or asymmetric?
ii. What is the maximum supported key length?
iii. Is it linked dynamically, statically, a standard API call or something
different (provided as a result of a different tool, command line interface, …)