Hello! This is a very accelerated security review of python-bcrypt. I didn't look at the bcrypt implementation itself but did verify that the test vectors used have overlap with Openwall's crypt_blowfish test vectors:
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/wrapper.c?rev=HEAD I've also previously reviewed python-bcrypt here: https://bugs.launchpad.net/ubuntu/+source/python- bcrypt/+bug/1427861/comments/1 Considering that I've previously reviewed the project, the test vectors are now more aligned with Openwall's test vectors, and the fact that this package was not a large maintenance burden while it was previously in main, Security Team ack for python-bcrypt. ** Changed in: python-bcrypt (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) ** Changed in: python-scrypt (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1695899 Title: [MIR] python-scrypt, python-bcrypt To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-bcrypt/+bug/1695899/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
