[pycrypto] Any progress with pycrypto 2.7?
Dwayne Litzenberger
dlitz at dlitz.net
Fri Feb 21 20:34:09 PST 2014
For reference, here are the relevant bugs and/or pull requests, where
discussion is taking place. I've added comments to all three.
>1) Hard crash on recent recent Intel CPUs (due gcc and AESNI)
https://github.com/dlitz/pycrypto/pull/62
>2) Potential DoS when importing an RSA key (segfault of the interpreter)
I assume you mean the floating-point exception that occurs when you pass
an even modulus to RSA.construct?
https://bugs.launchpad.net/pycrypto/+bug/1193521
https://github.com/dlitz/pycrypto/pull/50
On pull request #50 ("Add checks to verify correctness of
RSA/DSA/ElGamal keys"), it would be helpful if others could chime in
about the potential for leaking private keys via timing side-channels.
>3) Silent, incorrect HMAC construction for SHA-2
https://bugs.launchpad.net/pycrypto/+bug/1209399
https://github.com/dlitz/pycrypto/pull/57
--
Dwayne C. Litzenberger <dlitz at dlitz.net>
OpenPGP: 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
More information about the pycrypto
mailing list