On Wed, 26 Feb 2014 16:12:43 Jean-Pierre Flori wrote: > On Thursday, February 27, 2014 1:07:00 AM UTC+1, Andrey Novoseltsev wrote: > > Hello, > > > > When I try to start a notebook from 6.1.1, I get > > > > sage-6.1.1/local/lib/python2.7/site-packages/Crypto/Util/number.py:57: > > PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using > > libgmp >= 5 to avoid timing attack vulnerability. > > > > Which did not happen before. Googling shows it in a few threads related to > > other things, so I am not the only one with this warning - how serious it > > is and why does it appear? Do we have a too old version of GMP or it is > > detected incorrectly? > > pycrypto wants to use powm_sec functions only available in latest versions > of GMP and which will never be in MPIR. > Unless you're using Sage to do actual crypto (which is a bad idea) and > fear that someone spies your computer it's a no issue. > > I think we kind of dealt with that when updating pycrypto, but apparently > we missed something or you're using parts of pycrypto not used in sage (in > fact none of pycrypto should be imported by default now IIRC). > What about secure notebook sessions? He says that he sees it while starting the notebook.
Francois -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at http://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/groups/opt_out.
