You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cryptography ships numerous legacy symmetric algorithms that, anecdotally, have very low use. These algorithms have a variety of security drawbacks when compared to more modern equivalents (namely AES or ChaCha20) and generally shouldn't be used. We plan to deprecate them on a long cycle such that users have a chance to speak up if they have a use case that we should consider.
The algorithms we'd like to deprecate and remove are:
CAST5
SEED
IDEA
Blowfish
3DES and ARC4 are also legacy (and ARC4 has serious security issues), but their common use in many scenarios means they will not be deprecated.
The text was updated successfully, but these errors were encountered:
imgtool from mcuboot uses python3-cryptography-native, and the latest
python3-cryptography explicitly loads the legacy provider, which is a
separate shared object in OpenSSL 3. The search path for providers is
hard-coded into the library so the wrong path is searched and the module
is not found.
Set OPENSSL_MODULES so the right path, so that the legacy module is
found. In the future we may be able to be removed this if the explict
use of legacy algorithms is removed
(pyca/cryptography#6809).
This also means we can remove the downgrades of python3-crytography that
were being carried in meta-arm.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
cryptography
ships numerous legacy symmetric algorithms that, anecdotally, have very low use. These algorithms have a variety of security drawbacks when compared to more modern equivalents (namely AES or ChaCha20) and generally shouldn't be used. We plan to deprecate them on a long cycle such that users have a chance to speak up if they have a use case that we should consider.The algorithms we'd like to deprecate and remove are:
3DES and ARC4 are also legacy (and ARC4 has serious security issues), but their common use in many scenarios means they will not be deprecated.
The text was updated successfully, but these errors were encountered: