[tahoe-lafs-trac-stream] [tahoe-lafs] #1586: "PowmInsecureWarning: Not using mpz_powm_sec" warning from PyCrypto
tahoe-lafs
trac at tahoe-lafs.org
Thu Oct 17 14:43:19 UTC 2013
#1586: "PowmInsecureWarning: Not using mpz_powm_sec" warning from PyCrypto
----------------------------+--------------------------
Reporter: davidsarah | Owner: somebody
Type: defect | Status: reopened
Priority: normal | Milestone: eventually
Component: packaging | Version: 1.9.0b1
Resolution: | Keywords: pycrypto-lib
Launchpad Bug: |
----------------------------+--------------------------
Changes (by daira):
* status: closed => reopened
* resolution: fixed =>
Comment:
Well, the potential timing vulnerability is not fixed. (It affects only
the SFTP frontend, and is documented at [wiki:SftpFrontend#Security],
which I just updated to reflect that !PyCrypto 2.4.1 is still vulnerable.)
As the message clearly says, someone "should rebuild [!PyCrypto] using
libgmp >= 5". Reopening in order to close as "somebody else's problem".
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1586#comment:8>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list