[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2094: rebuild (if necessary) PyCrypto eggs to use libgmp >= 5, to mitigate RSA timing attack
Tahoe-LAFS
trac at tahoe-lafs.org
Fri Mar 25 20:29:41 UTC 2016
#2094: rebuild (if necessary) PyCrypto eggs to use libgmp >= 5, to mitigate RSA
timing attack
-------------------------+-------------------------------------------------
Reporter: daira | Owner:
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: | Version: 1.10.0
packaging | Keywords: pycrypto-lib libgmp rsa security
Resolution: | sftp packaging eggs packaging
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by daira):
Twisted 16.0.0 removed their dependency on !PyCrypto.
Note that the cryptography library still uses the Python stdlib's `pow`
function when gmpy is not installed, and so *may* be vulnerable to the
same timing attack. gmpy is no longer maintained; cryptography should
probably switch to [https://pypi.python.org/pypi/gmpy2 gmpy2] which has
binary wheels.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2094#comment:3>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list