[tahoe-lafs-trac-stream] [tahoe-lafs] #1586: "PowmInsecureWarning: Not using mpz_powm_sec" warning from PyCrypto

tahoe-lafs trac at tahoe-lafs.org
Thu Oct 17 14:43:19 UTC 2013


#1586: "PowmInsecureWarning: Not using mpz_powm_sec" warning from PyCrypto
----------------------------+--------------------------
     Reporter:  davidsarah  |      Owner:  somebody
         Type:  defect      |     Status:  reopened
     Priority:  normal      |  Milestone:  eventually
    Component:  packaging   |    Version:  1.9.0b1
   Resolution:              |   Keywords:  pycrypto-lib
Launchpad Bug:              |
----------------------------+--------------------------
Changes (by daira):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Well, the potential timing vulnerability is not fixed. (It affects only
 the SFTP frontend, and is documented at [wiki:SftpFrontend#Security],
 which I just updated to reflect that !PyCrypto 2.4.1 is still vulnerable.)

 As the message clearly says, someone "should rebuild [!PyCrypto] using
 libgmp >= 5". Reopening in order to close as "somebody else's problem".

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1586#comment:8>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage

