«

»

Print this Post

You should rebuild using libgmp >= 5 to avoid timing attack vulnerability

getting this on your linux when trying to run something?

You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

yup, seen it…

RHEL has GMP version 4.something
PyCrypto needs GMP >= 5

RHEL is a tad behind we have to re-make The GNU Multiple Precision Arithmetic Library stuff.

solution:

    1. download the sources from https://gmplib.org/#DOWNLOAD
    2. and according to the instructions from the package:
      tar -xvjpf gmp-6.0.0a.tar.bz2
      ./configure 
      make 
      make check
      make install 
      
    3. rebuild PyCrypto
      pip install --ignore-installed PyCrypto
    4. for good measure, re-build and re-install some stuff (trust me, just go with it)
      yum -y groupinstall "Development tools" 
      yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel

tada! send me a nice thank you note when you’re done.

About devnumbertwo

IT consultant, software developer, technical writer, nba basketball spectator, tea (and occasionally coffee) drinker, cheese enthusiast, dog lover, and a person who once spotted heather locklear at the mall. chiggity check me out on twitter and
You should rebuild using libgmp >= 5 to avoid timing attack vulnerability was last modified: April 8th, 2015 by devnumbertwo

Permanent link to this article: http://devnumbertwo.com/you-should-rebuild-using-libgmp-5/