steem-python icon indicating copy to clipboard operation
steem-python copied to clipboard

Published 20 hours ago verified publisher icon steemit

Use cryptography.io instead of pycrypto

Open john-g-g opened this issue 7 years ago • 4 comments

we use pycrypto for aes encryption, but we should use cryptography instead for following reasons:

  • pycrypto is dead project with last commit in 2014
  • multiple outstanding exploits (CVE-2013-7459)[https://www.cvedetails.com/cve/CVE-2013-7459/],(CVE-2018-6594)[https://www.cvedetails.com/cve/CVE-2018-6594/)

john-g-g avatar Jul 13 '18 21:07 john-g-g

You can check here: https://github.com/holgern/beem/blob/master/beem/aes.py how to implement this.

holgern avatar Jul 15 '18 06:07 holgern

@holgern @john-g-g pycryptodome is a maintained drop-in replacement for pycrypto

Mattwmaster58 avatar Sep 01 '18 23:09 Mattwmaster58

please exchange pycrypto for pycryptodome because as @Mattwmaster58 said it is still maintained and they actually interfere with each other when both are installed (which they are in my case) !

MarcelBeining avatar Nov 01 '18 14:11 MarcelBeining

You can just replace pycrypto by pycryptodome. After installing steem-python, you can simply pip uninstall pycrypto and pip install pycryptodome and it just works (tm). But yes, this should be listed as a requirement.

tpaixao avatar Dec 17 '18 20:12 tpaixao