Okay, folks, I went ahead and applied the patch to pycryptopp to strip
out the timer-based defenses against RNG-repeat (e.g. due to vm
rollback): [1]. Black Dew went ahead and confirmed that this made
pycryptopp build on unpatched MinGW. I updated the MinGW bug report
[2].
I'm not entirely comfortable with "weakening" Crypto++ like this,
especially because it is reminiscent of the recent Debian-OpenSSL
fiasco, but I'm pretty sure no real danger is introduced into
pycryptopp this way.
Regards,
Zooko
[1]
http://allmydata.org/trac/pycryptopp/changeset/20090621051014-92b7f-3489ac19e9b0fde0c44943d20b603b860a89bf1f[2]
https://sourceforge.net/tracker/?func=detail&aid=2805976&group_id=2435&atid=302435--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to
cryptopp-users-unsubscribe@....
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---
