[Cryptography-dev] use of poor implementations of algorithms
Alex Gaynor
alex.gaynor at gmail.com
Thu Jun 30 18:11:53 EDT 2016
Probably the one in our readme/homepage.
It's been a while since we wrote that. If I recall correctly, PyCrypto's
AES implementation is vulnerable to the cache timing side-channel that DJB
wrote about many years ago.
Alex
On Thu, Jun 30, 2016 at 6:10 PM, Glyph Lefkowitz <glyph at twistedmatrix.com>
wrote:
>
> On Jun 29, 2016, at 23:09, Jay Gupta <cooljay.gupta at gmail.com> wrote:
>
> could you provide concrete examples of your criticism of other Python
> cryptographic packages, especially about poor algorithm interpretations?
>
>
> What specific criticism are you referring to? Cryptography developers
> have been critical of other packages (and their own!) in a variety of
> contexts.
>
> -glyph
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>
>
--
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20160630/2be00108/attachment.html>
More information about the Cryptography-dev
mailing list