'This unfixed, exploitable crashing bug should be good reason to stop using PyCrypto. But that’s not the only security flaw by any means — just browse the issues list to find more. And that’s still not all the problems. Last year I looked at the code and found a small cryptographic flaw that I patched in PyCryptodome (the fork that’s continuing the project). The flaw still exists in PyCrypto, and I didn’t bother filing an issue there. There are probably many more flaws that have been discovered, publicly or privately, but aren’t listed.'
Bargate barely uses pycrypto, it's only used for very simple AES encryption and decryption. But it is a critical function inside bargate that needs to be secure.
Possible replacement: https://cryptography.io/en/latest/fernet/
Tagging @claytonpeters and @unixnation for info.
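As an added illustration (not bargate's code or the issue author's), here is what the proposed Fernet replacement looks like for the simple encrypt/decrypt case: authenticated tokens that reject tampering and wrong keys, an optional age limit, and key rotation for migrating stored values. Function names are hypothetical; it assumes the `cryptography` package is installed.

```python
"""Fernet (cryptography.io) as a replacement for hand-rolled AES encrypt/decrypt."""
import base64
from typing import Optional

from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def make_key() -> bytes:
    # 32 random bytes, url-safe base64 encoded. Keep it in config, never in source.
    return Fernet.generate_key()


def encrypt(key: bytes, plaintext: str) -> bytes:
    # Token = version || timestamp || IV || AES-128-CBC ciphertext || HMAC-SHA256,
    # so confidentiality and integrity come together instead of AES alone.
    return Fernet(key).encrypt(plaintext.encode("utf-8"))


def decrypt(key: bytes, token: bytes, max_age: Optional[int] = None) -> Optional[str]:
    # None means the token was tampered with, made under another key, or is older
    # than max_age seconds; the caller never sees a garbled "successful" decryption.
    try:
        f = Fernet(key)
        data = f.decrypt(token) if max_age is None else f.decrypt(token, ttl=max_age)
    except InvalidToken:
        return None
    return data.decode("utf-8")


def rotate(old_key: bytes, new_key: bytes, token: bytes) -> bytes:
    # MultiFernet tries keys in order, so old tokens stay readable while rotate()
    # re-encrypts them under new_key for a migration away from the old secret.
    return MultiFernet([Fernet(new_key), Fernet(old_key)]).rotate(token)


def tamper(token: bytes) -> bytes:
    # Constructed attacker-style modification: flip one bit in the first ciphertext
    # byte (offset 25: after 1 version + 8 timestamp + 16 IV bytes) to show that the
    # HMAC check, not just decryption, decides whether a token is accepted.
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[25] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))


if __name__ == "__main__":
    k = make_key()
    t = encrypt(k, "share password")
    print(decrypt(k, t), decrypt(k, tamper(t)), decrypt(make_key(), t))
```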