[tor-relays] Bridge Operators - Heartbleed, Heartwarming, and Increased Help

[Yawning Angel]

On Sat, 26 Apr 2014 06:05:27 +0000
Yawning Angel <yawning at schwanenlied.me> wrote:

[snip]

> I'll look into adding backward compatibility code for the version of
> pycrypto CentOS packages so it's possible to setup one of these
> without pulling in all the development tools next (Git is temporary
> till the next obfsproxy release, since the #11558 changes are
> needed).  Follow the bug for future progress.

Ok, I just closed the bug[0] as "invalid", with no planned further
action on my part with regards to this.

Summary of current state of obfsproxy on CentOS 6:

  It works with the vendor provided packages (Including python 2.6), as
  long as you install a more recent version of pycrypto.

  The vendor provided pycrypto (python-crypto-2.0.1-22) is not usable
  because it is missing `Crypto.Util.Counter` *and* more importantly,
  the CTR-AES implementation only handles plaintexts/ciphertexts that
  are sized as a multiple of the AES block size.

  Any version of pycrypto that has a fully working CTR-AES
  implementation will also provide `Crypto.Util.Counter`, so there is
  no need to implement the latter in obfsproxy as a compatibility hack.

  Till the next release of obfsproxy, people that wish to use this will
  need to grab obfsproxy from the git repository to get a fix for
  #11558.

How one will properly update pycrypto is left as an exercise to someone
that actually uses CentOS.

-- 
Yawning Angel

[0]: https://trac.torproject.org/projects/tor/ticket/11610#comment:3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140426/703f9969/attachment.sig>