
Re: [SECURITY] [DLA 1283-1] python-crypto security update



Antoine Beaupré <anarcat@orangeseeds.org> writes:

> I'm not sure. The security team marked that as "no-dsa (minor issue)"
> for jessie and stretch, and fixed in pycryptodome 3.4.11-1... Couldn't
> we reuse the fixes from cryptodome to get this working properly? Or is
> this what you say breaks API compatibility?

I don't think I ever said anything about breaking API compatibility.

Rather the patch that was applied upstream was considered insufficient
(by the security researcher) to fix the problem.

This is the same patch I used for the LTS problem.

Upstream was told about the problem:
https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537

"This indicates that, with your latest modification, ElGamal encryption
is now secure under the DDH assumption. However, this is not true. As I
mentioned in my previous comment, you must encode plaintexts as
quadratic residues, too (which is, I guess, what breaks compatibility)."

... but they didn't seem to care:
https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362907413

"Since the library itself does not support encryption officially, we
cannot make claim an implementation using the keys generated by the
library is secure or not."

So it does look like fixing this properly might break API compatibility,
but there are no known fixes we can apply.
-- 
Brian May <bam@debian.org>
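
The point in the quoted upstream comment (plaintexts must also be encoded as quadratic residues), shown as an added example that is not part of this message and is not pycrypto or pycryptodome code. It assumes textbook ElGamal in a safe-prime group whose generator spans the quadratic-residue subgroup; the toy parameters and all function names are constructed for illustration.

```python
import secrets

# Constructed toy group: safe prime P = 2Q + 1 (far too small for real use).
P, Q = 2039, 1019
G = 4  # 2^2 is a quadratic residue, so it generates the order-Q subgroup


def is_qr(x):
    """Euler's criterion: x is a quadratic residue mod P iff x^Q == 1."""
    return pow(x, Q, P) == 1


def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private exponent in [1, Q-1]
    return x, pow(G, x, P)                    # (private, public h = G^x)


def encrypt_raw(h, m):
    """Textbook ElGamal with the integer m used directly as the plaintext."""
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), (m * pow(h, k, P)) % P


def decrypt_raw(x, c):
    c1, c2 = c
    return (c2 * pow(c1, P - 1 - x, P)) % P   # multiply by c1^(-x)


def encode(m):
    """Map m in [1, Q] to whichever of m, P - m is a quadratic residue.
    Exactly one is, because -1 is a non-residue when P = 3 (mod 4)."""
    if not 1 <= m <= Q:
        raise ValueError("message must be in [1, Q]")
    return m if is_qr(m) else P - m


def decode(e):
    return e if e <= Q else P - e


def encrypt(h, m):
    return encrypt_raw(h, encode(m))


def decrypt(x, c):
    return decode(decrypt_raw(x, c))


def ciphertext_is_qr(c):
    """Computable from the ciphertext alone: h^k is always a residue, so
    this equals is_qr(plaintext) unless the plaintext was encoded."""
    return is_qr(c[1])
```

With `encrypt_raw` the residuosity of the second ciphertext component always matches that of the plaintext, so one bit of the message is visible without the key; with `encrypt` it is always a residue. The encoded message space is [1, Q] rather than [1, P-1], which is the kind of change the quoted comment guesses would break compatibility.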

