[paramiko] [MERGE] paramiko random number regression: Stop using RandomPool!
Dwayne Litzenberger
dwayne at oscl.ca
Fri Apr 4 14:36:47 PDT 2008
On April 3, 2008 04:12:23 pm Dwayne Litzenberger wrote:
[snip]
> Revision #486 [1] (and therefore Paramiko 1.7.3) re-introduces the problems
> associated with PyCrypto's RandomPool class that I described in my post
> back in January. RandomPool is not a simple "get random bits" primitive,
> but paramiko is again using it as one.
[snip]
> The result is that Paramiko 1.7.3 is totally insecure on Windows, no matter
> what version of Python is being used. On other operating systems, there is
> still the RandomPool threading issue.
>
> I will be posting a patch shortly.
The patch is attached.
--
Dwayne Litzenberger, B.A.Sc.
Information Technology Analyst
Open Systems Canada Limited
#210 - 2332 11th Ave
Regina, SK S4P0K1
Office: (306) 359-OSCL (6725)
http://www.oscl.ca/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: paramiko-fix-rng-again.bundle
Type: text/x-diff
Size: 21618 bytes
Desc: not available
Url : http://www.lag.net/pipermail/paramiko/attachments/20080404/c1f12e92/attachment.diff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://www.lag.net/pipermail/paramiko/attachments/20080404/c1f12e92/attachment.pgp
More information about the paramiko
mailing list