Opened at 2015-10-26T17:57:09Z
Closed at 2016-10-12T09:08:39Z
#98 closed enhancement (wontfix)
upgrade to Crypto++ v5.6.3
Reported by: | zooko | Owned by: | |
---|---|---|---|
Priority: | blocker | Milestone: | |
Version: | 0.5.29 | Keywords: | |
Cc: | Launchpad Bug: |
Description
Crypto++ is under new maintainership, led by Jeffrey Walton. I'm one of the co-maintainers who participates in the private email discussion about what changes to make and so forth. IMO Jeffrey Walton is doing a great job of quality assurance, testing, careful implementation, code-auditing, etc., and I feel very good about increased safety/reliability of Crypto++ under his watch. Here's his release announcement for Crypto++ 5.6.3:
http://www.mail-archive.com/cryptopp-users@googlegroups.com/msg08386.html
I think pycryptopp should upgrade to Crypto++ 5.6.3 ASAP (although I *also* still think that we should disable assembly optimizations ASAP! — #85 — most of the bugs and compatibility issues that Jeffrey has been fighting would disappear with that change!)
Change History (4)
comment:1 Changed at 2015-10-26T19:12:22Z by daira
comment:2 Changed at 2016-08-03T13:36:11Z by dawuud
i got my dev branch to build with cryptopp 5.6.3 here:
https://github.com/tahoe-lafs/pycryptopp/pull/29
however i think we should instead use their latest because this would also help to solve for adding two more crypto primitives: blake2 and chacha20.
i've commented on the progress here on the chacha20 ticket:
https://tahoe-lafs.org/trac/pycryptopp/ticket/94#comment:7
comment:3 Changed at 2016-10-12T09:07:55Z by dawuud
moving this to https://tahoe-lafs.org/trac/pycryptopp/ticket/100
where we will upgrade to the latest stable
comment:4 Changed at 2016-10-12T09:08:39Z by dawuud
- Resolution set to wontfix
- Status changed from new to closed
+1. Normally I would recommand OTAAT, but in this case I think we should do both at the same time, so that we don't have to worry about possible regressions in the assembly code for Crypto++ 5.6.3. (Even if we don't think there are likely to be any such regressions, it is better just to exclude the possibility.)