Create blob files with SHA-256 hashing enabled instead of MD5

Avatar
Collin Harrison

I'm requesting that Nerdio be made able to create blob files with SHA-256 hashing enabled instead of the wekaer MD-5 algorithm. This is an urgent matter.

I manage an AVD environment in the Azure U.S. Government Cloud that requires all VMs comply with FIPS 140-2 complance. FIPS 140-2 compliant hashing algorithms do not include MD-5. Currently, MD-5 is the default hashing algorithm used when creating Nerdio scripted actions. This causes a huge problem when building new VMs or running scripted actions on existing VMs. The scripted action, and even winget app installs, will fail with a download error. Drilling into this error will reveal this error message: “This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.” 

We will soon be required to enable FIPS on all our VMs, but with the FIPS settings configured on the VMs, we cannot provision new VMs to the AVD pools or modify existing VMs until the hashing issue is resolved.

0

Comments (3 comments)

Sort by
0
Avatar
Carl Long
Thank you for submitting your feature request—we truly value input from our community.

Next steps:
     • We will review your request and update its status as it progresses through our evaluation process.
     • If any clarification is needed, we'll follow up with you directly in the comments.

We also encourage the community to influence our decision through comments, votes, and feedback.
0
Avatar
Nerdio Support

Collin Harrison  thank you for submitting this request. We will capture and discuss with our development team. 

0
Avatar
Toby Skerritt
(Edited )

Hi Collin Harrison , we have been investigating your request, but we don't see a clear path to resolve this.

The actual blob contents are stored as SHA-256 encryption by default (and optionally customers can use CMK instead), however the hashing (which correlates to the 'Content-MD5' field that's displayed on the blob object properties) appears to be a native Azure property which doesn't have any options to customize beyond disabling the hashing entirely.

Example:

Here is the Microsoft KB document we have used to research this property. 

https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.storage.blob.blobrequestoptions.storeblobcontentmd5

If we are misunderstanding the request, please let me know so that we can investigate further. If this specific property is causing you issues, please raise a support request with Azure support, we would be happy to work with them and you to reach the required outcome, but we don't see any options at this point.

 

 

Please sign in to leave a comment.