Rats modules using outdated crypto library · viper-framework/viper#710

(2 留言) (0 反應) (0 負責人)Python (1,527 star) (372 fork)batch import

help wanted

描述

There are several modules in the rats/ folder by @kevthehermit that are using a crypto library called pycrypto, mostly for AES and DES support. Unfortunately, this library hasn't been updated since 2014 and also has a vulnerable ElGamal implementation: https://nvd.nist.gov/vuln/detail/CVE-2018-6594

We should update these modules to make use of cryptography instead and drop pycrypto all together from our dependencies.

貢獻者指南

技術棧: python
領域: backendsecurity
議題類型: security
難度: 3
預計時間: 1-2 days
活動狀態: stale
清晰度: clear
前置要求: Basic PythonFamiliarity with cryptography libraryAbility to write testsKnowledge of AES/DES
新手友善度: 40
研究方向: Review the modules in the `rats/` directory that currently import from `pycrypto`. For each, identify the cryptographic operations (e.g., AES, DES) and replace them with equivalent functions from the `cryptography` library. Update the setup.py or requirements to remove `pycrypto` and add `cryptography`. Run existing tests and add new ones to verify the replacement works correctly. Check if any comments or previous attempts exist in the issue thread.