CTR mode needs counter parameter, not IV

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

CTR mode needs counter parameter, not IV

duplicity-talk mailing list
I've tracked the problem down to (unpublished) CVE-2013-7459 dealing with a bug in pycrypto:

Heap-buffer overflow in ALGobject structure

It has already been fixed on Gentoo (and other distros) by the following patch:


Apparently, duplicity needs some modifications as well since pycrypto will most likely apply this patch in the near future.

For now, the workaround on Gentoo is a simple rollback to pycrypto-2.6.1-r1 which does not yet contain the patch.
Duplicity-talk mailing list
[hidden email]