[pycrypto] Any progress with pycrypto 2.7?
Legrandin
helderijs at gmail.com
Sun Apr 13 11:09:04 PDT 2014
[ Shameless ping ]
Is there any progress with the release?
Or any indication about when it could take place?
>> 2) Potential DoS when importing an RSA key (segfault of the interpreter)
> > I assume you mean the floating-point exception that occurs when you pass
> an
> > even modulus to RSA.construct?
>
> Correct.
>
> > https://bugs.launchpad.net/pycrypto/+bug/1193521
> > https://github.com/dlitz/pycrypto/pull/50
> >
> > On pull request #50 ("Add checks to verify correctness of RSA/DSA/ElGamal
> > keys"), it would be helpful if others could chime in about the potential
> for
> > leaking private keys via timing side-channels.
>
> In addition to fixing the DoS, PR #50 also replaced the custom
> KeyFormatError exception with ValueError in the DSA code (I wrote it
> before you expressed preference for not having custom exceptions at
> all).
>
> I would actually apply first this other PR:
>
> https://github.com/dlitz/pycrypto/pull/71
>
> Since there are 2 other exception types to fix.
> Hopefully PR #50 still applies cleanly after it.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dlitz.net/pipermail/pycrypto/attachments/20140413/acf7dd3f/attachment.html>
More information about the pycrypto
mailing list