Closed tdsmith closed 7 years ago
Indeed, python-crypto is no longer maintained but it's only used to decrypt a buffer with AES-ECB. Regarding security, the size of the buffer passed to AES.decrypt is fixed so a vulnerability is highly unlikely.
I don't think that it justifies the use of python-cryptography.
Use cryptography instead of pycrypto since pycrypto is no longer maintained; i.e. it hasn't seen a release since 2013 or a commit to master since 2014.
pycrypto still works but there's at least one buffer overflow that doesn't have a fix in a released version -- https://github.com/dlitz/pycrypto/issues/176 -- though yubikeyedup isn't affected by it.
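For reference, the operation this thread discusses (decrypting one fixed-size buffer with AES-ECB) written against the `cryptography` package. This is an added example, not code from yubikeyedup or from the pull request. The function name, the AES-128 key size, the 16-byte buffer size and the NIST SP 800-38A test vector are assumptions of the example.

```python
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Assumptions of this example: the fixed-size buffer is one AES block
# and the key is AES-128. Neither size is stated on the page.
BLOCK_SIZE = 16
KEY_SIZE = 16


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Decrypt exactly one AES block in ECB mode (hypothetical helper).

    The length checks make the fixed-size assumption explicit, so input of
    any other size is rejected before it reaches the cipher.
    """
    if len(key) != KEY_SIZE:
        raise ValueError("key must be %d bytes, got %d" % (KEY_SIZE, len(key)))
    if len(block) != BLOCK_SIZE:
        raise ValueError("buffer must be %d bytes, got %d" % (BLOCK_SIZE, len(block)))
    # No padding is involved: one full block in, one full block out.
    decryptor = Cipher(algorithms.AES(key), modes.ECB()).decryptor()
    return decryptor.update(block) + decryptor.finalize()


def self_check() -> bool:
    """Known-answer test with the AES-128 ECB vector from NIST SP 800-38A."""
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    ciphertext = bytes.fromhex("3ad77bb40d7a3660a89ecaf32466ef97")
    expected = bytes.fromhex("6bc1bee22e409f96e93d7e117393172a")
    return decrypt_block(key, ciphertext) == expected


if __name__ == "__main__":
    print("known-answer test passed:", self_check())
```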