New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stop creating issues - this project is dead! #173

Open
ololoe opened this Issue Nov 24, 2015 · 8 comments

Comments

Projects
None yet
6 participants
@ololoe
Copy link

ololoe commented Nov 24, 2015

Move to a fork like pycryptodome

@mouse07410

This comment has been minimized.

Copy link

mouse07410 commented Nov 27, 2015

PyCryptodome is an interesting fork, and worked out of box on OS X 10.10.5. The only two things it is missing (IMHO) are:

  • documentation and/or examples for all the included/provided algorithms;
  • support for ECC algorithms.

Would love to see those added.

@pkoning2

This comment has been minimized.

Copy link

pkoning2 commented Dec 4, 2015

Is there any reason to believe that the original comment is valid?

@mouse07410

This comment has been minimized.

Copy link

mouse07410 commented Dec 4, 2015

"Valid" in what sense? pycryptodome is a fork that appears to be maintained, and contains algorithms that the original PyCrypto has been missing. I've started using it, and so far so good.

There hasn't been a new release of PyCrypto for several years. 2.7 has been in alpha state for approximately that long. So while I cannot tell whether the original project is dead, it clearly isn't actively maintained.

@johnthagen

This comment has been minimized.

Copy link

johnthagen commented Dec 14, 2015

Took me a while to figure this out -- maybe the README should be updated to clearly state this at the top?

@pkoning2

This comment has been minimized.

Copy link

pkoning2 commented Dec 14, 2015

Yes, that would be good. For one thing, that would alert other projects that depend on pycrypto (like pysnmp) that they need to switch, or at the very least that they need to be able to use pycryptome as an alternative dependency.

@ololoe

This comment has been minimized.

Copy link

ololoe commented Feb 25, 2016

Holy fucking shit, it even has an exploitable buffer overflow (although no idea how to do it remotely) #176

@WGH-

This comment has been minimized.

Copy link

WGH- commented Mar 5, 2016

@mavit mavit referenced this issue Jul 25, 2016

Closed

Replace PyCrypto usage with cryptography.io #13075

0 of 6 tasks complete

mbakke pushed a commit to mbakke/guix that referenced this issue Dec 27, 2016

gnu: python-stem: Don't use python-pycrypto.
Python-pycrypto is an optional dependency of python-stem. Python-pycrypto is
unmaintained [0] and contains an exploitable buffer overflow bug [1].

[0] dlitz/pycrypto#173
[1] dlitz/pycrypto#176

* gnu/packages/python.scm (python-stem, python2-stem)[propagated-inputs]: Remove
python-pycrypto.

conradlink added a commit to conradlink/awesome-python that referenced this issue Jan 27, 2017

Remove pycrypto (vinta#819)
It appears pycrypto is no longer maintained and has known vulnerabilities, see:
dlitz/pycrypto#176
dlitz/pycrypto#173

Appears that larger projects (paramiko, ansible, twisted) have moved over to PyCA's cryptography, which is already on the list.

patrickod pushed a commit to patrickod/stem that referenced this issue Mar 1, 2017

Migrate from pycrypto to cryptography module
Stem had an optional dependency on pycrypto to validate descriptor signatures
but seems the module is no longer maintained...

  dlitz/pycrypto#173

Moving to the cryptography module (https://cryptography.io/en/latest/).

Thanks Patrick!
@adombeck

This comment has been minimized.

Copy link

adombeck commented Apr 21, 2017

@dlitz Could you please update the README to reflect that this project has been unmaintained for almost 3 years?

tparks5 pushed a commit to tparks5/tor-stem that referenced this issue May 5, 2017

Migrate from pycrypto to cryptography module
Stem had an optional dependency on pycrypto to validate descriptor signatures
but seems the module is no longer maintained...

  dlitz/pycrypto#173

Moving to the cryptography module (https://cryptography.io/en/latest/).

Thanks Patrick!

patrickod pushed a commit to patrickod/stem that referenced this issue Jul 15, 2017

Support signing server descriptors
Fuck yeah, got it! Signing server descriptors we create.

Leekspin uses PyCrypto which is deprecated [1], so wasn't able to take
advantage of it as much as I hoped. On the upside cryptography is simpler than
what Isis had.

There was one rough bit though - cryptography embeds a constant indicating the
hashing algorithm it signs with. This required us to hack out part of its
internals. Hopefully upstream is amenable to adding a flag for this.

Thus far we only sign server descriptors. Gonna follow this up with other
descriptor types Leekspin supports so we can migrate BridgeDB's tests to use
this.

[1] dlitz/pycrypto#173

afbase added a commit to afbase/thumbor that referenced this issue Nov 2, 2017

I'm making this commit to replace the deprecated library dlitz/pycrypto
for legrandin/pycryptome mostly a drag and drop replacement

For deprecation notice see: dlitz/pycrypto#173
For Legrandin/pycryptome see: https://github.com/Legrandin/pycryptodome

heynemann added a commit to thumbor/thumbor that referenced this issue Jan 15, 2018

I'm making this commit to replace the deprecated library dlitz/pycrypto
for legrandin/pycryptome mostly a drag and drop replacement

For deprecation notice see: dlitz/pycrypto#173
For Legrandin/pycryptome see: https://github.com/Legrandin/pycryptodome

raymontag added a commit to raymontag/kppy that referenced this issue May 16, 2018

Changed PyCrypto to PyCryptodome
This commit removes the usage of PyCrypto and add support for
PyCryptodome. This is necessary as PyCrypto is not maintained anymore
and seems to have serious issues. PyCryptodome is an active fork of
PyCrypto

This is referenced in dlitz/pycrypto#173 and dlitz/pycrypto#176.

This is an answer to the suggestion from raymontag/keepass#72

raymontag added a commit to raymontag/keepassc that referenced this issue May 16, 2018

Changed PyCrypto to PyCryptodome
This commit removes the usage of PyCrypto and add support for
PyCryptodome. This is necessary as PyCrypto is not maintained anymore
and seems to have serious issues. PyCryptodome is an active fork of
PyCrypto

This is referenced in dlitz/pycrypto#173 and dlitz/pycrypto#176.

This is an answer to the suggestion from raymontag/keepass#72
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment