[tahoe-lafs-trac-stream] [tahoe-lafs] #1586: "PowmInsecureWarning: Not using mpz_powm_sec" warning from PyCrypto
tahoe-lafs
trac at tahoe-lafs.org
Thu Oct 10 19:25:48 UTC 2013
#1586: "PowmInsecureWarning: Not using mpz_powm_sec" warning from PyCrypto
----------------------------+--------------------------
Reporter: davidsarah | Owner: somebody
Type: defect | Status: closed
Priority: normal | Milestone: eventually
Component: packaging | Version: 1.9.0b1
Resolution: fixed | Keywords: pycrypto-lib
Launchpad Bug: |
----------------------------+--------------------------
Changes (by zooko):
* status: new => closed
* resolution: => fixed
Old description:
> This warning occurs when importing !PyCrypto 2.4.1 (possibly depending on
> how the !PyCrypto egg for the current platform was built):
>
> {{{
> /usr/local/lib/python2.6/dist-packages/pycrypto-2.4.1-py2.6-linux-
> x86_64.egg/Crypto/Util/number.py:57: PowmInsecureWarning: Not using
> mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing
> attack vulnerability.
> }}}
>
> We probably just need to accelerate the programme to get rid of our
> dependency (via Twisted) on !PyCrypto:
> http://twistedmatrix.com/trac/ticket/4633
New description:
This warning occurs when importing !PyCrypto 2.4.1 (possibly depending on
how the !PyCrypto egg for the current platform was built):
{{{
/usr/local/lib/python2.6/dist-packages/pycrypto-2.4.1-py2.6-linux-
x86_64.egg/Crypto/Util/number.py:57: PowmInsecureWarning: Not using
mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack
vulnerability.
}}}
We probably just need to accelerate the programme to get rid of our
dependency (via Twisted) on !PyCrypto:
http://twistedmatrix.com/trac/ticket/4633
--
Comment:
This was apparently fixed by the warning-suppression patch
[4b80299fddd7ece4].
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1586#comment:7>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list