libgmp bug?

[c h]

using python27 this started showing in my error logs today:

1. 2012-08-21 08:22:06.683

   /base/python27_runtime/python27_lib/versions/third_party/pycrypto-2.6/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.

2. E2012-08-21 08:22:06.683

     _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

i have not changed app versions in about a week.  was this caused by a system upgrade?  the error message makes me think it's something that should be fixed?

thanks,

christian

[Anand Mistry]

Hi,

Yes, this was caused by the 1.7.1 roll out. What's happening is that you're specifying the pycrypto version in your app.yaml as 'latest' instead of a specific version. In 1.7.1, we added pycrypto 2.6 to the python27 runtime and which is what all applications that specify 'latest' are now using. The error message is a bit misleading. Your code will continue to work as-is, so there is nothing you have to change. Also, you should only see this message on the first request to an instance.

We will look into fixing this issue.

On Thursday, 23 August 2012 08:30:48 UTC+10, Richie Foreman wrote:

+1 I am also seeing this in my environment as well.

On Tuesday, 21 August 2012 10:05:54 UTC-7, c h  wrote:
> using python27 this started showing in my error logs today:
>
>

> 2012-08-21 08:22:06.683/base/python27_runtime/python27_lib/versions/third_party/pycrypto-2.6/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.E2012-08-21 08:22:06.683  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

[Fattah, Issa]

My reason for saying this is the following warning:

 

/usr/lib/python2.7/site-packages/pycrypto-2.6-py2.7-cygwin-1.7.17-i686.egg/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.

  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

 

 

Issa Fattah ▪ Senior Production Engineer, WebOperations ▪  Work: 646-674-6882 ▪  Mobile: 718-974-0815 ▪  On-Call: 646-674-5222

 

From: google-a...@googlegroups.com [mailto:google-a...@googlegroups.com] On Behalf Of ifa...@webmd.net
Sent: Friday, January 04, 2013 1:38 PM
To: google-a...@googlegroups.com
Subject: [google-appengine] Re: libgmp bug?

 

I would also greatly appreciate a fix for this warning as well.

 

On Tuesday, August 21, 2012 1:05:54 PM UTC-4, c h wrote:

using python27 this started showing in my error logs today:

 

1.    2012-08-21 08:22:06.683

/base/python27_runtime/python27_lib/versions/third_party/pycrypto-2.6/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.

2.    E2012-08-21 08:22:06.683

  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

 

i have not changed app versions in about a week.  was this caused by a system upgrade?  the error message makes me think it's something that should be fixed?

 

thanks,

 

christian

 

 

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/NLH4kV3q-4MJ.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.