From dlitz at DLITZ.NET Mon Nov 2 03:38:31 2009
From: dlitz at DLITZ.NET (Dwayne C. Litzenberger)
Date: Sun, 1 Nov 2009 21:38:31 -0500
Subject: [PYTHON-CRYPTO] ANN: PyCrypto 2.1.0 beta 1 released
Message-ID: <20091102023831.GA20051@rivest.dlitz.net>

PyCrypto 2.1.0b1 has been released. This is the first beta release since I
took over as maintainer of PyCrypto.

You can download this release from http://www.pycrypto.org/

It has the following SHA256 sums:

7be4be8262ed8443700eed71e498e9b8d8a5ac17f3a00abc112c81753ffec9ba *pycrypto-2.1.0b1.tar.gz
d4f628937c04faa5daaf4bd99e7c7ecbcd90e43f9291bcbc5a428ceacdd80f21 *pycrypto-2.1.0b1.tar.gz.asc

Please test it and post your experiences to the PyCrypto mailing list:

    pycrypto at lists.dlitz.net

and/or file bug reports on Launchpad:

    https://bugs.launchpad.net/pycrypto

Here is a (non-exhaustive) list of changes between 2.0.1 and 2.1.0beta1:

2.1.0beta1
==========
* Modified RSA.generate() to ensure that e is coprime to p-1 and q-1.
  Apparently, RSA.generate was capable of generating unusable keys.

2.1.0alpha2
===========
* Modified isPrime() to release the global interpreter lock while
  performing computations. (patch from Lorenz Quack)
* Release the GIL while encrypting, decrypting, and hashing (but not
  during initialization or finalization).
* API changes:
    - Removed RandomPoolCompat and made Crypto.Util.randpool.RandomPool
      a wrapper around Crypto.Random that emits a DeprecationWarning.
      This is to discourage developers from attempting to provide
      backwards compatibility for systems where there are NO strong
      entropy sources available.
    - Added Crypto.Random.get_random_bytes().
      This should allow people to use something like this if they want
      backwards-compatibility:

          try:
              from Crypto.Random import get_random_bytes
          except ImportError:
              try:
                  from os import urandom as get_random_bytes
              except ImportError:
                  get_random_bytes = open("/dev/urandom", "rb").read

    - Implemented __ne__() on pubkey, which fixes the following broken
      behaviour:

          >>> pk.publickey() == pk.publickey()
          True
          >>> pk.publickey() != pk.publickey()
          True

      (patch from Lorenz Quack)
    - Block ciphers created with MODE_CTR can now operate on strings of
      any size, rather than just multiples of the underlying cipher's
      block size.
    - Crypto.Util.Counter objects now raise OverflowError when they wrap
      around to zero. You can override this new behaviour by passing
      allow_wraparound=True to Counter.new()

2.1.0alpha1
===========
* This version supports Python versions 2.1 through 2.6.
* Clarified copyright status of much of the existing code by tracking
  down Andrew M. Kuchling, Barry A. Warsaw, Jeethu Rao, Joris Bontje,
  Mark Moraes, Paul Swartz, Robey Pointer, and Wim Lewis and getting
  their permission to clarify the license/public-domain status of their
  contributions. Many thanks to all involved!
* Replaced the test suite with a new, comprehensive package
  (Crypto.SelfTest) that includes documentation about where its test
  vectors came from, or how they were derived. Use
  "python setup.py test" to run the tests after building.
* API changes:
    - Added Crypto.version_info, which from now on will contain version
      information in a format similar to Python's sys.version_info.
    - Added a new random numbers API (Crypto.Random), and deprecated the
      old one (Crypto.Util.randpool.RandomPool), which was misused more
      often than not.
      The new API is used by invoking Crypto.Random.new() and then just
      reading from the file-like object that is returned.
      CAVEAT: To maintain the security of the PRNG, you must call
      Crypto.Random.atfork() in both the parent and the child processes
      whenever you use os.fork().
      Otherwise, the parent and child will share copies of the same
      entropy pool, causing them to return the same results! This is a
      limitation of Python, which does not provide readily-accessible
      hooks to os.fork(). It's also a limitation caused by the failure
      of operating systems to provide sufficiently fast, trustworthy
      sources of cryptographically-strong random numbers.
    - Crypto.PublicKey now raises ValueError/TypeError/RuntimeError
      instead of the various custom "error" exceptions
    - Removed the IDEA and RC5 modules due to software patents. Debian
      has been doing this for a while
    - Added Crypto.Random.random, a strong version of the standard
      Python 'random' module.
    - Added Crypto.Util.Counter, providing fast counter implementations
      for use with CTR-mode ciphers.
* Bug fixes:
    - Fixed padding bug in SHA256; this resulted in bad digests whenever
      (the number of bytes hashed) mod 64 == 55.
    - Fixed a 32-bit limitation on the length of messages the SHA256
      module could hash.
    - AllOrNothing: Fixed padding bug in digest()
    - Fixed a bad behaviour of the XOR cipher module: It would silently
      truncate all keys to 32 bytes. Now it raises ValueError when the
      key is too long.
    - DSA: Added code to enforce FIPS 186-2 requirements on the size of
      the prime p
    - Fixed the winrandom module, which had been omitted from the build
      process, causing security problems for programs that misuse
      RandomPool.
    - Fixed infinite loop when attempting to generate RSA keys with an
      odd number of bits in the modulus. (Not that you should do that.)
* Clarified the documentation for Crypto.Util.number.getRandomNumber.
  Confusingly, this function does NOT return N random bits; It returns
  a random N-bit number, i.e. a random number between 2**(N-1) and
  (2**N)-1.
  Note that getRandomNumber is for internal use only and may be renamed
  or removed in future releases.
* Replaced RIPEMD.c with a new implementation (RIPEMD160.c) to
  alleviate copyright concerns.
* Replaced the DES/DES3 modules with ones based on libtomcrypt-1.16 to
  alleviate copyright concerns.
* Replaced Blowfish.c with a new implementation to alleviate copyright
  concerns.
* Added a string-XOR implementation written in C (Crypto.Util.strxor)
  and used it to speed up Crypto.Hash.HMAC
* Converted documentation to reStructured Text.
* Added epydoc configuration Doc/epydoc-config
* setup.py now emits a warning when building without GMP.
* Added pct-speedtest.py to the source tree for doing performance
  testing on the new code.
* Cleaned up the code in several places.

Cheers!
 - Dwayne

--
Dwayne C. Litzenberger
 Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
 Annual key (2009) - C805 1746 397B 0202 2758 2821 58E0 894B 81D2 582E

From info at EGENIX.COM Tue Nov 10 21:53:18 2009
From: info at EGENIX.COM (eGenix Team: M.-A. Lemburg)
Date: Tue, 10 Nov 2009 21:53:18 +0100
Subject: [PYTHON-CRYPTO] ANN: eGenix pyOpenSSL Distribution 0.9.0-0.9.8l
Message-ID: <4AF9D2BE.8010407@egenix.com>

________________________________________________________________________
ANNOUNCING

eGenix.com pyOpenSSL Distribution

Version 0.9.0-0.9.8l

An easy-to-install and easy-to-use distribution of the pyOpenSSL Python
interface for OpenSSL - available for Windows, Mac OS X and Unix
platforms

This announcement is also available on our web-site for online reading:
http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.9.0-0.9.8l-1.html

________________________________________________________________________
INTRODUCTION

The eGenix.com pyOpenSSL Distribution includes everything you need to
get started with SSL in Python.
It comes with an easy-to-use installer that includes the most recent
OpenSSL library versions in pre-compiled form, making your application
independent of OS provided OpenSSL libraries:

    http://www.egenix.com/products/python/pyOpenSSL/

pyOpenSSL is an open-source Python add-on that allows writing
SSL/TLS-aware network applications as well as certificate management
tools:

    http://pyopenssl.sourceforge.net/

OpenSSL is an open-source implementation of the SSL/TLS protocol:

    http://www.openssl.org/

________________________________________________________________________
NEWS

This new release of the eGenix.com pyOpenSSL Distribution updates the
included OpenSSL version to 0.9.8l.

The new OpenSSL version includes an important work-around for a serious
problem in TLS, the protocol implemented and used by OpenSSL. The
Man-in-the-Middle TLS protocol attack was disclosed on 2009-11-05 and is
being tracked as CVE-2009-3555:

    http://isc.sans.org/diary.html?storyid=7534
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

IMPORTANT: The work-around chosen by the OpenSSL team is to disable SSL
session renegotiations altogether. This can cause applications relying
on this feature on the client or server side to fail. You can still
download the previous version of our pyOpenSSL distribution if you run
into such problems:

    http://www.egenix.com/products/python/pyOpenSSL/0.9.0-0.9.8k_1/

As always, we provide binaries that include both pyOpenSSL and the
necessary OpenSSL libraries for all supported platforms: Windows x86,
Linux x86 and x64, Mac OS X PPC and x86.

Due to popular demand, we've also added .egg-file format versions of our
eGenix.com pyOpenSSL Distribution for Windows and Linux to the available
download options. This makes setups using e.g. zc.buildout and other
egg-file based installers a lot easier.
________________________________________________________________________
DOWNLOADS

The download archives and instructions for installing the package can be
found at:

    http://www.egenix.com/products/python/pyOpenSSL/

________________________________________________________________________
UPGRADING

Before installing this version of pyOpenSSL, please make sure that you
uninstall any previously installed pyOpenSSL version. Otherwise, you
could end up not using the included OpenSSL libs.

_______________________________________________________________________
SUPPORT

Commercial support for these packages is available from eGenix.com.
Please see

    http://www.egenix.com/services/support/

for details about our support offerings.

_______________________________________________________________________
INFORMATION

About Python (http://www.python.org/):

    Python is an object-oriented Open Source programming language which
    runs on all modern platforms. By integrating ease-of-use, clarity in
    coding, enterprise application connectivity and rapid application
    design, Python establishes an ideal programming platform for today's
    IT challenges.

About eGenix (http://www.egenix.com/):

    eGenix is a software project, consulting and product company
    focusing on expert services and professional quality products for
    companies, Python users and developers.

Enjoy,
--
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source (#1, Nov 10 2009)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::

eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
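
The CAVEAT in the PyCrypto 2.1.0alpha1 notes above (call Crypto.Random.atfork() in both parent and child after os.fork()) shown as an added example; it is not part of either message and is not PyCrypto code. ToyPool, its atfork() method and fork_and_read() are hypothetical stand-ins built only on the standard library, and the example assumes a POSIX system with os.fork().

```python
import hashlib
import os


class ToyPool:
    """Hypothetical user-space generator: seeded once, advanced by hashing."""

    def __init__(self):
        self._state = os.urandom(32)

    def read(self, n):
        out = b""
        while len(out) < n:
            # Advance the in-process state, then derive output from it.
            self._state = hashlib.sha256(b"next" + self._state).digest()
            out += hashlib.sha256(b"out" + self._state).digest()
        return out[:n]

    def atfork(self):
        # Mix fresh kernel entropy and the PID into the state so that the
        # parent's and the child's copies of the pool diverge.
        fresh = os.urandom(32) + str(os.getpid()).encode()
        self._state = hashlib.sha256(self._state + fresh).digest()


def fork_and_read(pool, reseed):
    """Fork, read 16 bytes in each process, return (parent, child) bytes."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: holds a byte-for-byte copy of pool._state
        try:
            os.close(r)
            if reseed:
                pool.atfork()
            os.write(w, pool.read(16))
        finally:
            os._exit(0)
    os.close(w)
    if reseed:
        pool.atfork()
    parent = pool.read(16)
    with os.fdopen(r, "rb") as pipe_in:
        child = pipe_in.read()
    os.waitpid(pid, 0)
    return parent, child


if __name__ == "__main__":
    for reseed in (False, True):
        p, c = fork_and_read(ToyPool(), reseed)
        print("atfork=%s parent=%s child=%s" % (reseed, p.hex(), c.hex()))
```

Without the reseed step both processes emit the same 16 bytes, which is the failure the caveat warns about for any value drawn after the fork (session keys, nonces, IVs).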