rebuild (if necessary) PyCrypto eggs to use libgmp >= 5, to mitigate RSA timing attack #2094
Labels
No Label
0.2.0
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.8.0
0.9.0
1.0.0
1.1.0
1.10.0
1.10.1
1.10.2
1.10a2
1.11.0
1.12.0
1.12.1
1.13.0
1.14.0
1.15.0
1.15.1
1.2.0
1.3.0
1.4.1
1.5.0
1.6.0
1.6.1
1.7.0
1.7.1
1.7β
1.8.0
1.8.1
1.8.2
1.8.3
1.8β
1.9.0
1.9.0-s3branch
1.9.0a1
1.9.0a2
1.9.0b1
1.9.1
1.9.2
1.9.2a1
LeastAuthority.com automation
blocker
cannot reproduce
cloud-branch
code
code-dirnodes
code-encoding
code-frontend
code-frontend-cli
code-frontend-ftp-sftp
code-frontend-magic-folder
code-frontend-web
code-mutable
code-network
code-nodeadmin
code-peerselection
code-storage
contrib
critical
defect
dev-infrastructure
documentation
duplicate
enhancement
fixed
invalid
major
minor
n/a
normal
operational
packaging
somebody else's problem
supercritical
task
trivial
unknown
was already fixed
website
wontfix
worksforme
No Milestone
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Reference: tahoe-lafs/trac-2024-07-25#2094
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The PyCrypto eggs at https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-dep-eggs/ may need to be rebuilt against libgmp >= 5 in order to mitigate a timing attack. I don't know what libgmp versions the eggs currently hosted there are built against. See also #1586, which suppressed the (mostly useless to end-users) warning about this.
Twisted 16.0.0 removed their dependency on PyCrypto.
Note that the cryptography library still uses the Python stdlib's
pow
function when gmpy is not installed, and so may be vulnerable to the same timing attack. gmpy is no longer maintained; cryptography should probably switch to gmpy2 which has binary wheels.The Twisted ticket to stop depending on gmpy is https://twistedmatrix.com/trac/ticket/8079.