Sage posts "PowmInsecureWarning: Not using mpz_powm_sec." when launched


em2slyn

Jun 7, 2014, 3:40:54 PM
to sage-s...@googlegroups.com
Hi All:

I am hosting a Sage server for our department and ever since upgrading to 6.X the following message displays every time Sage is launched.

Executing twistd  --pidfile="sage_notebook.sagenb/sagenb.pid" -ny "sage_notebook.sagenb/twistedconf.tac"
/home/sageserver/sage-6.2/local/lib/python2.7/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
.
.
.

I've been tracking this down and noticed there are a number of posts on the web related to this warning although not specifically addressing Sage. Unfortunately, some sites have provided various workarounds but I cannot seem to find a resolution.

I am currently hosting Sage 6.2 on Ubuntu Server 12.04 and tried an experimental build using Ubuntu 14.04. Initially, I installed GMP 6.0.0a from gmplib.org and rebuilt Python using the command sage -f python along with SAGE_UPDATING=yes make. The warning persisted. Then I did a complete build from source adding libgmp-dev to the standard pool of prerequisite packages. Still no luck.

First of all, is this a problem with Sage or the OS I've selected to use? Is there a package that is missing that should be included in the build? Any input would be welcome. Thank you!

Have a GREAT DAY!!

Shaun

Volker Braun

Jun 7, 2014, 4:34:18 PM
to sage-s...@googlegroups.com
Afaik it's only used in the openid module. And exploiting a timing attack over network is most likely not possible.

Martin Albrecht

Jun 8, 2014, 6:21:20 AM
to sage-s...@googlegroups.com
On Saturday 07 Jun 2014 13:34:18 Volker Braun wrote:
> Afaik its only used in the openid module. And exploiting a timing attack
> over network is most likely not possible.

They are practical at least over LAN:
https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf


Volker Braun

Jun 8, 2014, 7:04:31 AM
to sage-s...@googlegroups.com, martinr...@googlemail.com
Neat, but the flask openid shouldn't and doesn't implement SSL using pycrypto. Looking at the source, what triggers the warning is

from Crypto.Util.number import long_to_bytes, bytes_to_long

which is used by flask-openid to serialize data to disk.

leif

Jun 8, 2014, 12:16:47 PM
to sage-s...@googlegroups.com, Bill Hart
Volker Braun wrote:
> Neat, but the flask openid shouldn't and doesn't implement SSL using
> pycrytpo. Looking at the source, what triggers the warning is
>
> from Crypto.Util.number import long_to_bytes, bytes_to_long
>
> which is used by flask-openid to serialize data to disk.

Still, should we somehow silence the warning (probably by patching our
pycrypto package further)?

The easiest solution is of course to simply report this upstream... ;-)

(MPIR 2.7.0.alpha4 still lacks mpz_powm_sec().)


-leif

--
() The ASCII Ribbon Campaign
/\ Help Cure HTML E-Mail

Volker Braun

Jun 8, 2014, 12:22:45 PM
to sage-s...@googlegroups.com, goodwi...@googlemail.com
IMHO we should just change flask-openid to not import these utility functions from pycrypto. I would have patched it myself if there were an easy way, but it's a tarball inside the sagenb tarball...

leif

Jun 8, 2014, 4:23:27 PM
to sage-s...@googlegroups.com
Volker Braun wrote:
> IMHO we should just change flask-openid to not import these utility
> functions from pycrypto. I would have patched it myself if there were an
> easy way, but its a tarball inside the sagenb tarball...

Hmmm, so this should get fixed upstream sagenb?

While one could simply copy-paste those two functions and use them from
elsewhere (patching Flask-OpenID), it's unclear to me why pycrypto
issues the warning when importing /that/ module; the functions there
seem pretty unrelated, so patching pycrypto (and/or reporting it
upstream there) could still be an option.

(MPIR is not going to implement special functions safe w.r.t.
side-channel attacks.)


-leif


Volker Braun

Jun 8, 2014, 4:32:18 PM
to sage-s...@googlegroups.com
On Sunday, June 8, 2014 9:23:27 PM UTC+1, leif wrote:
> Hmmm, so this should get fixed upstream sagenb?

We probably should have a better way of distributing the sagenb dependencies ;-)

> While one could simply copy-paste those two functions and use them from
> elsewhere (patching Flask-OpenID), it's unclear to me why pycrypto
> issues the warning when importing /that/ module;

Agree. Both:

* pycrypto should split its utility module into ones that are harmless and ones that are potentially vulnerable to timing attacks

* python-openid shouldn't use the helpers from pycrypto; it's all pretty stale code in the name of Python 2.3 support anyways. python3-openid is essentially a fork.
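
The approach discussed in the thread, as an added example (not code from the thread, Flask-OpenID, python-openid or pycrypto): stand-alone Python 3 equivalents of the two helpers, so a caller that only serializes integers never imports Crypto.Util.number and never triggers the warning. The zero and blocksize handling follows pycrypto's documented long_to_bytes behaviour; rejecting negative input and the helper roundtrip_ok are assumptions of this example, and the sample values are constructed.

```python
# Added example: stand-alone integer <-> big-endian bytes helpers (Python 3).
# They mirror the documented behaviour of pycrypto's long_to_bytes and
# bytes_to_long without importing Crypto.Util.number, so no libgmp-backed
# code is loaded and PowmInsecureWarning is never raised.


def long_to_bytes(n, blocksize=0):
    """Return the big-endian encoding of a non-negative integer.

    If blocksize > 0, the result is left-padded with zero bytes so that
    its length is a multiple of blocksize.
    """
    if n < 0:
        # Assumption of this example: reject negatives instead of guessing.
        raise ValueError("n must be non-negative")
    length = max(1, (n.bit_length() + 7) // 8)  # 0 encodes as b"\x00"
    if blocksize > 0 and length % blocksize:
        length += blocksize - length % blocksize
    return n.to_bytes(length, "big")


def bytes_to_long(s):
    """Inverse of long_to_bytes; leading zero bytes do not change the value."""
    return int.from_bytes(s, "big")


def roundtrip_ok(values, blocksize=0):
    """Hypothetical helper: True if every value survives encode/decode."""
    return all(bytes_to_long(long_to_bytes(v, blocksize)) == v for v in values)


if __name__ == "__main__":
    samples = [0, 1, 255, 256, 2**64 - 1, 2**521 - 1]  # constructed values
    print(roundtrip_ok(samples), roundtrip_ok(samples, blocksize=4))
    print(long_to_bytes(0x010203, 4).hex())
```
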
