[pycrypto] Any progress with pycrypto 2.7?

Dwayne Litzenberger dlitz at dlitz.net
Fri Feb 21 20:34:09 PST 2014

For reference, here are the relevant bugs and/or pull requests, where 
discussion is taking place.  I've added comments to all three.

>1) Hard crash on recent recent Intel CPUs (due gcc and AESNI)


>2) Potential DoS when importing an RSA key (segfault of the interpreter)

I assume you mean the floating-point exception that occurs when you pass 
an even modulus to RSA.construct?


On pull request #50 ("Add checks to verify correctness of 
RSA/DSA/ElGamal keys"), it would be helpful if others could chime in 
about the potential for leaking private keys via timing side-channels.

>3) Silent, incorrect HMAC construction for SHA-2


Dwayne C. Litzenberger <dlitz at dlitz.net>
  OpenPGP: 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7

More information about the pycrypto mailing list