You should rebuild using libgmp >= 5 to avoid timing attack vulnerability

getting this on your linux when trying to run something?

You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

yup, seen it…

RHEL has GMP version 4.something
PyCrypto needs GMP >= 5

RHEL is a tad behind we have to re-make The GNU Multiple Precision Arithmetic Library stuff.

solution:

    1. download the sources from https://gmplib.org/#DOWNLOAD

    2. and according to the instructions from the package:

      tar -xvjpf gmp-6.0.0a.tar.bz2
      ./configure 
      make 
      make check
      make install 
      
      
    3. rebuild PyCrypto

      pip install --ignore-installed PyCrypto
    4. for good measure, re-build and re-install some stuff (trust me, just go with it)

      yum -y groupinstall "Development tools" 
      yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel

tada! send me a nice thank you note when you’re done.

Previous
Previous

The emctl file in the oraclehome cannot be renamed from emctl.bat to emctl_upgrade.bat

Next
Next

change the default port that OpenSSH server uses