Neat, but the flask openid shouldn't and doesn't implement SSL using pycrytpo. Looking at the source, what triggers the warning is
from Crypto.Util.number import long_to_bytes, bytes_to_long which is used by flask-openid to serialize data to disk. On Sunday, June 8, 2014 11:21:20 AM UTC+1, Martin Albrecht wrote: > > On Saturday 07 Jun 2014 13:34:18 Volker Braun wrote: > > Afaik its only used in the openid module. And exploiting a timing attack > > over network is most likely not possible. > > they are practical at least over LAN: > https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf > > > On Saturday, June 7, 2014 8:40:54 PM UTC+1, em2slyn wrote: > > > Hi All: > > > > > > I am hosting a Sage server for our department and ever since upgrading > to > > > 6.X the following message displays every time Sage is launched. > > > > > > Executing twistd --pidfile="sage_notebook.sagenb/sagenb.pid" -ny > > > "sage_notebook.sagenb/twistedconf.tac" > > > > /home/sageserver/sage-6.2/local/lib/python2.7/site-packages/Crypto/Util/nu > > > mber.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should > > > rebuild using libgmp >= 5 to avoid timing attack vulnerability. > > > > > > _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 > to > > > > > > avoid timing attack vulnerability.", PowmInsecureWarning) > > > . > > > . > > > . > > > > > > I've been tracking this down and noticed there are a number of posts > on > > > the web related to this warning although not specifically addressing > Sage. > > > Unfortunately, some sites have provided various workarounds but I > cannot > > > seem to find a resolution. > > > > > > I am currently hosting Sage 6.2 on Ubuntu Server 12.04 and tried an > > > experimental build using Ubuntu 14.04. Initially, I installed GMP > 6.0.0a > > > from gmplib.org and rebuilding Python using the command *sage -f > python* > > > along with *SAGE_UPDATING=yes make*. The warning persisted. Then I did > a > > > complete build from source adding libgmp-dev to the standard pool of > > > prerequisite packages. Still no luck. > > > > > > First of all, is this a problem with Sage or the OS I've selected to > use? > > > Is there a package that is missing that should be included in the > build? > > > Any input would be welcome. Thank you! > > > > > > Have a GREAT DAY!! > > > > > > Shaun -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-support+unsubscr...@googlegroups.com. To post to this group, send email to sage-support@googlegroups.com. Visit this group at http://groups.google.com/group/sage-support. For more options, visit https://groups.google.com/d/optout.
