Okay, folks, I went ahead and applied the patch to pycryptopp to strip out the timer-based defenses against RNG-repeat (e.g. due to vm rollback): [1]. Black Dew went ahead and confirmed that this made pycryptopp build on unpatched MinGW. I updated the MinGW bug report [2].
I'm not entirely comfortable with "weakening" Crypto++ like this, especially because it is reminiscent of the recent Debian-OpenSSL fiasco, but I'm pretty sure no real danger is introduced into pycryptopp this way. Regards, Zooko [1] http://allmydata.org/trac/pycryptopp/changeset/20090621051014-92b7f-3489ac19e9b0fde0c44943d20b603b860a89bf1f [2] https://sourceforge.net/tracker/?func=detail&aid=2805976&group_id=2435&atid=302435 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
