[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [SECURITY] [DSA 2502-1] python-crypto security update

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] [SECURITY] [DSA 2502-1] python-crypto security update
From: coderman <coderman@xxxxxxxxx>
Date: Sun, 24 Jun 2012 19:35:03 -0700

On Sun, Jun 24, 2012 at 1:37 PM, Moritz Muehlenhoff <jmm@xxxxxxxxxx> wrote:
> ...
> Package        : python-crypto
> Vulnerability  : programming error...
> It was discovered that that the ElGamal code in PythonCrypto, a
> collection of cryptographic algorithms and protocols for Python used
> insecure insufficient prime numbers in key generation

i wish i had a dollar for every not-so-random random number generator
error that has transpired the last few years. i could pay for DEF CON.
;)

decades pass, and yet people still fuck up the fundamentals. regularly...

how many of you fools mix a hw entropy source into your crypto keying?

ever hear of 82802? XSTORE? RDRAND? lava lamps?

</cry>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] [SECURITY] [DSA 2502-1] python-crypto security update
  - From: BMF

References:
- [Full-disclosure] [SECURITY] [DSA 2502-1] python-crypto security update
  - From: Moritz Muehlenhoff

Prev by Date: Re: [Full-disclosure] Sunday Fodder
Next by Date: [Full-disclosure] hashdays 2012 - Call for Papers (#days CFP)
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2502-1] python-crypto security update
Next by thread: Re: [Full-disclosure] [SECURITY] [DSA 2502-1] python-crypto security update
Index(es):
- Date
- Thread