Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PyCrypto is dead; Use cryptodome #1527

Closed
jdell64 opened this issue Sep 21, 2017 · 7 comments
Closed

PyCrypto is dead; Use cryptodome #1527

jdell64 opened this issue Sep 21, 2017 · 7 comments
Labels
type: bug A confirmed report of unexpected behavior in the application

Comments

@jdell64
Copy link

jdell64 commented Sep 21, 2017
edited by jeremystretch

Issue type

[ ] Feature request
[X] Bug report
[ ] Documentation

Environment

  • Python version: 3.6.2
  • NetBox version: Example: 2.1.3

Description

To replicate, attempt to run this on a windows server / windows box. pcrypto won't install and is dead now. replacing it with pycryptodome gets you further in the process, but fails when referencing XOR
@jdell64
Copy link
Author

jdell64 commented Sep 21, 2017

Additionally,

https://docs.openstack.org/bandit/latest/blacklists/blacklist_calls.html#b304-b305-ciphers-and-modes

states that Crypto.Cipher.XOR.new is insecure.

@jdell64
Copy link
Author

jdell64 commented Sep 21, 2017

Opened a PR #1528

I don't know enough about what the XOR function is doing to replace it properly

@jdell64 jdell64 closed this as completed Sep 22, 2017
@jdell64 jdell64 reopened this Sep 22, 2017
@jdell64
Copy link
Author

jdell64 commented Sep 22, 2017

opened a new PR #1531

@jeremystretch
Copy link
Member

Was this issue opened to address a bug? If so, please file a bug report using the issue template. Otherwise, these changes do not appear to be necessary.

@jdell64
Copy link
Author

jdell64 commented Sep 22, 2017
edited by jeremystretch

I'll fill out the form. The two issues it addresses is is that

  1. it won't run on windows because pyCrypto will not install on windows. The only way to make this work is to install packages defunct for 3 years and downgrade to a python version that is no longer supported.

  2. pcrypto is dead. The application makes heavy use of some functions in there that have been dropped from it's replacement pycryptodome

@jeremystretch jeremystretch mentioned this issue Sep 22, 2017
Closed
@jdell64
Copy link
Author

jdell64 commented Sep 22, 2017
edited

I have a monkey patch that works (passes the cibuild). Should I raise another PR or just let you review it in my fork? (link: https://github.com/jdell64/netbox)

@jeremystretch jeremystretch added the type: bug A confirmed report of unexpected behavior in the application label Oct 9, 2017
jeremystretch added a commit that referenced this issue Oct 9, 2017
@jeremystretch
Fixes #1527: Replace deprecated pycrypto library with pycryptodome
c300879
@jdell64
Copy link
Author

jdell64 commented Oct 9, 2017

Thanks for all your hard work on this 👍

@jeremystretch jeremystretch mentioned this issue Oct 12, 2017
Merged
lampwins pushed a commit to lampwins/netbox that referenced this issue Oct 13, 2017
@jeremystretch
Fixes netbox-community#1527: Replace deprecated pycrypto library with…
590acc3 
… pycryptodome
@jeremystretch jeremystretch mentioned this issue Nov 15, 2019
Closed
@lock lock bot locked as resolved and limited conversation to collaborators Jan 18, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type: bug A confirmed report of unexpected behavior in the application
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jdell64 @jeremystretch