Afaik its only used in the openid module. And exploiting a timing attack
over network is most likely not possible.
On Saturday, June 7, 2014 8:40:54 PM UTC+1, em2slyn wrote:
>
> Hi All:
>
> I am hosting a Sage server for our department and ever since upgrading to
> 6.X the following message displays every time Sage is launched.
>
> Executing twistd --pidfile="sage_notebook.sagenb/sagenb.pid" -ny
> "sage_notebook.sagenb/twistedconf.tac"
> /home/sageserver/sage-6.2/local/lib/python2.7/site-packages/Crypto/Util/number.py:57:
>
> PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using
> libgmp >= 5 to avoid timing attack vulnerability.
> _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to
> avoid timing attack vulnerability.", PowmInsecureWarning)
> .
> .
> .
>
> I've been tracking this down and noticed there are a number of posts on
> the web related to this warning although not specifically addressing Sage.
> Unfortunately, some sites have provided various workarounds but I cannot
> seem to find a resolution.
>
> I am currently hosting Sage 6.2 on Ubuntu Server 12.04 and tried an
> experimental build using Ubuntu 14.04. Initially, I installed GMP 6.0.0a
> from gmplib.org and rebuilding Python using the command *sage -f python*
> along with *SAGE_UPDATING=yes make*. The warning persisted. Then I did a
> complete build from source adding libgmp-dev to the standard pool of
> prerequisite packages. Still no luck.
>
> First of all, is this a problem with Sage or the OS I've selected to use?
> Is there a package that is missing that should be included in the build?
> Any input would be welcome. Thank you!
>
> Have a GREAT DAY!!
>
> Shaun
>
--
You received this message because you are subscribed to the Google Groups
"sage-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-support.
For more options, visit https://groups.google.com/d/optout.
