Pycryptodome

Latest version: v3.21.0

Safety actively analyzes 685670 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 8 of 11

3.5.0

Not secure
++++++++++++++++++++

New features
------------
* Import and export of ECC curves in compressed form.
* The initial counter for a cipher in CTR mode can be a byte string
(in addition to an integer).
* Faster PBKDF2 for HMAC-based PRFs (at least 20x for short passwords,
more for longer passwords). Thanks to Christian Heimes for pointing
out the implementation was under-optimized.
* The salt for PBKDF2 can be either a string or bytes (GH67).
* Ciphers and hash functions accept data as `bytearray`, not just
binary strings.
* The old SHA-1 and MD5 hash functions are available even when Python's
own `hashlib` does not include them.

Resolved issues
---------------

* Without libgmp, modular exponentiation (since v3.4.8) crashed
on 32-bit big-endian systems.

Breaks in compatibility
-----------------------

* Removed support for Python < 2.6.

3.4.12

++++++++++++++++++++++++

Resolved issues
---------------

* GH129. pycryptodomex could only be installed via wheels.

3.4.11

Not secure
++++++++++++++++++++++++

Resolved issues
---------------

* GH121. the record list was still not correct due to PEP3147
and __pycache__ directories. Thanks again to John O'Brien.

3.4.10

++++++++++++++++++++++++

Resolved issues
---------------

* When creating ElGamal keys, the generator wasn't a square residue:
ElGamal encryption done with those keys cannot be secure under
the DDH assumption. Thanks to Weikeng Chen.

3.4.9

Not secure
+++++++++++++++++++++++

New features
------------
* More meaningful error messages while importing an ECC key.

Resolved issues
---------------

* GH123 and 125. The SSE2 command line switch was not always passed on 32-bit x86 platforms.
* GH121. The record list (--record) was not always correctly filled for the
pycryptodomex package. Thanks to John W. O'Brien.

3.4.8

Not secure
+++++++++++++++++++++++

New features
------------

* Added a native extension in pure C for modular exponentiation, optimized for SSE2 on x86.
In the process, we drop support for the arbitrary arithmetic library MPIR
on Windows, which is painful to compile and deploy.
The custom modular exponentiation is 130% (160%) slower on an Intel CPU in 32-bit (64-bit) mode,
compared to MPIR. Still, that is much faster that CPython's own `pow()` function which
is 900% (855%) slower than MPIR. Support for the GMP library on Unix remains.
* Added support for *manylinux* wheels.
* Support for Python 3.7.

Resolved issues
---------------

* The DSA parameter 'p' prime was created with 255 bits cleared
(but still with the correct strength).
* GH106. Not all docs were included in the tar ball.
Thanks to Christopher Hoskin.
* GH109. ECDSA verification failed for DER encoded signatures.
Thanks to Alastair Houghton.
* Human-friendly messages for padding errors with ECB and CBC.

Page 8 of 11

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.