diff options
Diffstat (limited to 'pipermail/pycrypto/2011q1/000371.html')
| -rw-r--r-- | pipermail/pycrypto/2011q1/000371.html | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/pipermail/pycrypto/2011q1/000371.html b/pipermail/pycrypto/2011q1/000371.html new file mode 100644 index 0000000..f67f51b --- /dev/null +++ b/pipermail/pycrypto/2011q1/000371.html @@ -0,0 +1,91 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [pycrypto] how to handle known security holes Re: Comments on Elgamal, and a broader question: Whither pycrypto? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20how%20to%20handle%20known%20security%20holes%20Re%3A%20Comments%0A%09on%09Elgamal%2C%20and%20a%20broader%20question%3A%20Whither%20pycrypto%3F&In-Reply-To=AANLkTinbrh2ed_atX8h6iFwGBUOhzSTkYeBak_KbdERj%40mail.gmail.com"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000370.html"> + <LINK REL="Next" HREF="000373.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[pycrypto] how to handle known security holes Re: Comments on Elgamal, and a broader question: Whither pycrypto?</H1> + <B>Dwayne C. Litzenberger</B> + <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20how%20to%20handle%20known%20security%20holes%20Re%3A%20Comments%0A%09on%09Elgamal%2C%20and%20a%20broader%20question%3A%20Whither%20pycrypto%3F&In-Reply-To=AANLkTinbrh2ed_atX8h6iFwGBUOhzSTkYeBak_KbdERj%40mail.gmail.com" + TITLE="[pycrypto] how to handle known security holes Re: Comments on Elgamal, and a broader question: Whither pycrypto?">dlitz at dlitz.net + </A><BR> + <I>Mon Jan 3 10:54:22 CST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="000370.html">[pycrypto] how to handle known security holes Re: Comments on Elgamal, and a broader question: Whither pycrypto? +</A></li> + <LI>Next message: <A HREF="000373.html">[pycrypto] how to handle known security holes Re: Comments on Elgamal, and a broader question: Whither pycrypto? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#371">[ date ]</a> + <a href="thread.html#371">[ thread ]</a> + <a href="subject.html#371">[ subject ]</a> + <a href="author.html#371">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>+1 + +Could someone volunteer to do a quick survey of publicly available code that uses PyCrypto to see who (if anyone) is actually using Crypto.PublicKey.ElGamal? + +"Paul Hoffman" <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">paul.hoffman at gmail.com</A>> wrote: + +><i>On Mon, Jan 3, 2011 at 7:15 AM, Zooko O'Whielacronx <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">zooko at zooko.com</A>> +</I>><i>wrote: +</I>>><i> Folks: +</I>>><i> +</I>>><i> We need to decide what to do when we find flaws in PyCrypto which +</I>>><i> would expose a user who relies on PyCrypto to harm. +</I>>><i> +</I>>><i> It wouldn't hurt to send an announcement email in some consistent +</I>>><i> format saying something like "security advisory" in the subject line, +</I>>><i> and to update the download page or a NEWS page or whatever to warn +</I>>><i> about the insecure Elgamal implementation. +</I>>><i> +</I>>><i> Perhaps also delete, comment-out, or disable the Elgamal +</I>>><i> implementation and ship a new release of PyCrypto. +</I>>><i> +</I>>><i> It really makes me uncomfortable to see the PyCrypto project ship +</I>>><i> software to users which claims on the label that they can rely on it +</I>>><i> when we know that if they do, they may be exposed to harm. +</I>><i> +</I>><i>+1 to commenting out or disabling things which anyone has serious +</I>><i>security concerns over. +</I>><i>_______________________________________________ +</I>><i>pycrypto mailing list +</I>><i><A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> +</I>><i><A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I> +-- +Sent from my Android phone with K-9 Mail. Please excuse my brevity. +</PRE> + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000370.html">[pycrypto] how to handle known security holes Re: Comments on Elgamal, and a broader question: Whither pycrypto? +</A></li> + <LI>Next message: <A HREF="000373.html">[pycrypto] how to handle known security holes Re: Comments on Elgamal, and a broader question: Whither pycrypto? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#371">[ date ]</a> + <a href="thread.html#371">[ thread ]</a> + <a href="subject.html#371">[ subject ]</a> + <a href="author.html#371">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto +mailing list</a><br> +</body></html> |