Mailman 3 March 2017 - Twisted

[Twisted-Python] Buildbot downtime
by Tom Prince March 3, 2022

March 3, 2022

I am plannig to upgrade twisted's buildbot in the near future. In preperation for that, I am going to take down the production buildbot on Tuesday, June 26, around 1600 UTC[1]. During that time, the result of any builds done will be lost. Thus, I'd ask that people avoid committing to trunk during that time. I will send a reminder before I take down the buildbot both here, and on #twisted and #twisted-dev. Tom [1] http://timeanddate.com/worldclock/meetingtime.html?iso=20120626&p1=80&p2=22…

2 8

[Twisted-Python] Twisted Python 0.7.0 Prerelease Testing
by Glyph Lefkowitz Aug. 5, 2021

Aug. 5, 2021

hi there, folks: I'd really like to release 0.7.0 but I would like it to be at least a little bit tested before I do so. Could those of you with CVS trees check everything out and see if it performs as advertised? Deeper bugs than that will have to wait for the next release, but I'd at least like to know if it works for someone other than me. Thanks. ______ __ __ _____ _ _ | ____ | \_/ |_____] |_____| |_____| |_____ | | | | @ t w i s t e d m a t r i x . c o m http://www.twistedmatrix.com/~glyph/

4 5

[Twisted-Python] Real Viagra Professional - for real sex pros
by Tamika May 1, 2019

May 1, 2019

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <center> <a href="http://rqf.entercompassion.com"><img src="http://mediapix.ru/pics/685207b3dd437eff7f15c0744b5c1d3a.gif"> <title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" href="http://gfx8.nnt.com/mail/12.0.1187.0824/positioning.css" /> </head> <body style="overflow:auto;"> <div id="PrintShellToolbar"> <div class="ContainerPadding"> <span class="FloatRight"> <a href= > <img alt="" src="http://gfx1.nfi.com/mail/w2/pr02/ltr/glyph_close_rest.gif" /> <Close window> <a href= > <img alt="" src="http://gfx2.czb.com/mail/w2/pr02/ltr/i_print.gif" /> <Print> </a> </span> </div> </div> <div> <div class="BorderContainerOutline ContainerPadding"> <div class="ClearBoth"> <span class="HeaderData" style="font-size:large;"> <TuPostal.com Cambia de nombre?> </span> </div> <div class="ClearBoth"> <span class="HeaderLabel"> <From:> </span> <span class="HeaderData"> <b><TuPostal.com></b> </span> </div> <div class="ClearBoth"> <span class="HeaderLabel"> <Sent:> </span> <span class="HeaderData"> <div class="ClearBoth"> <span class="HeaderLabel"> To: </span> <span class="HeaderData"> Mikelelliott (mikelelliott(a)rlo.com) </span> </div> <br /> </div> </div> <div class="MessageBody" style=""> <br /> <div id="MessageBodyText" class="ExternalClass" style="border: 1px solid #fff ;"> <pre>Hola!<br> <br>Tupostal es ahora parte de Sonico!<br> <br>Para conocer nuestro nuevo sitio, haz clic en el siguiente link:<br><a href='http://www.gwpcom/index1.php' target='_blank'>http://www.bjncom/index1.php</a><br> <br>Sonico es un sitio donde puedes...<br>- Guardar fotos ilimitadas<br>- Re encontrarte con viejos amigos<br>- Recibir novedades de tus amigos.<br> <br>Te Esperamos! Ya somos mas de 21 millones de usuarios!!<br> <br>Sonico - Amigos Conectados<br> <br> <br>PD: Ahora tambien podras guardar tus postales<br> <br> <br>------------------------------------------<br>Haz recibido este email porque te encuentras registrado en fdm.com.<br>Si no deseas recibir mas mensajes como este, por favor haz clic en el siguiente link:<br><a href='http://www.cehcom/unsubscribe.php?type=2' target='_blank'>http://www.fyocom/unsubscribe.php?type=2</a><br> <br></pre> </div> </div> </div> </body> </html>

8 10

[Twisted-Python] automatic subscription should be working again
by Glyph Lefkowitz March 30, 2017

March 30, 2017

The web forms at https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python <https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python> as well as https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web <https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web> should now be accepting web-based subscriptions again. Right now the configuration has not technically changed - just to be safe, for the first day or two, we're going to leave the administrative-approval check in place on new subscribers, but I think that we have managed to address the main problem that was leading to abuse (usually one spam comes in every couple of seconds, and there hasn't been one for nearly an hour now). If I don't see any more spammer subscription attempts in the next 24h I will likely make it fully self-service again. Tell your friends, come join us to talk about Twisted! (Or Twisted's mailing lists, you know, as we do here.) This is probably a bigger deal to me than anyone else, since making sure our abysmal mail infrastructure didn't fall over and stop delivering messages to project members or DDoS some poor soul on the other side of the planet has been a grindingly tedious intermittent task for me over the last year. Processing new subscription requests, and trying to disambiguate them from spammers, has been particularly time-consuming and frustrating; I suspect that a few dozen people who would really prefer to be on this list now have bounced off of the byzantine subscription process in the last six months. The visibility and confidence that Mailgun's deliverability tracking has given me, plus some Mailman upgrades and configuration changes, should vastly reduce the amount of ongoing work that mail infra maintenance requires for me, so that I can get my PyCon talk done in time this year. Maybe even fix a Twisted bug or two. My my very heartfelt thanks to M-jimt on the #mailman IRC channel on Freenode for giving me several tips which lead to this final change. Thank you all for your patience, and I _really_ hope that this is my last posting about meta-level mailing list junk this year :-). -glyph

2 2

Re: [Twisted-Python] Regarding the SHA 512 support in twisted.
by jabir Mohammed (jamohamm) March 27, 2017

March 27, 2017

Hi Team, Wanted to bring one code changes which is really required from twisted side otherwise it is not behaving as per RFC (rfc4253 Section 7.2), twisted is failing when we negotiate any kex algorithm based on SHA1 and we have MAC as hmac-sha2-512. The reason for the failure was the below code hashProcessor = _kex.getHashProcessor(self.kexAlg) k1 = hashProcessor(sharedSecret + exchangeHash + c + self.sessionID) k1 = k1.digest() k2 = hashProcessor(sharedSecret + exchangeHash + k1).digest() return k1 + k2 For SHA512 we need 64 byte key and if the Kex is based on SHA1 then it will only generate 40 byte key and that induce a failure. So we need to modify the code as below to make it generic and make it comply with RFC (rfc4253 Section 7.2). So that twisted can work irrespective of what kex is been used. Actual code should plot in is like below hashProcessor = _kex.getHashProcessor(self.kexAlg) k1 = hashProcessor(sharedSecret + exchangeHash + c + self.sessionID) k1 = k1.digest() k2 = hashProcessor(sharedSecret + exchangeHash + k1).digest() k3 = hashProcessor(sharedSecret + exchangeHash + k1 + k2).digest() k4 = hashProcessor(sharedSecret + exchangeHash + k1 + k2 + k3).digest() return k1 + k2 + k3 + k4 Can somebody help me to plot this fix so that twisted will work fine with all the other servers out there and even make it comply to the RFC. Thanks in advance and this will be my first findings on twisted code ;). Please let me know in case of any doubt on the same. Code changes should be plotted in to the routine _getKey, file name is src/twisted/conch/ssh/transport.py . Please help me with this commit team. Thanks, Jabir \|/ ------- ( o o ) oooO---O---Oooonull From: Alex Gaynor <alex.gaynor(a)gmail.com<mailto:alex.gaynor@gmail.com>> Date: Wednesday, 1 March 2017 9:26 am To: jabir mohammed <jamohamm(a)cisco.com<mailto:jamohamm@cisco.com>> Cc: Itamar Turner-Trauring <itamar(a)itamarst.org<mailto:itamar@itamarst.org>>, "security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>" <security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>> Subject: Re: Regarding the SHA 512 support in twisted. This doesn't appear to be a security issue. You can file an issue on the public tracker. Alex On Tue, Feb 28, 2017 at 10:54 PM, jabir Mohammed (jamohamm) <jamohamm(a)cisco.com<mailto:jamohamm@cisco.com>> wrote: Thanks Alex for the response. In our server we added support of HMAC-SHA-512 and HMAC-SHA-256 support for MAC. When we try to negotiate this hmac with most of the other client like Paramiko, OpenSSH and other flavours of SSH its working fine. But we are seeing a problem with twisted client that too only with HMAC-SHA-512. We have a limitation from our side to debug this since we don’t know what is happening from the client side. We have taken our derived key for the HMAC and as well as the input to derive the MAC using online tools and it matches with whatever we have generated but whatever is been sent across the other Twisted side differs and we are closing the session. This is been tagged critical since most of the customers are migrating to Twisted and will be a deployment blocker for us. What we suspect is the key or the algorithm itself. Please see the snippet below This is our inmac Key ---------------------------- RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: ssh_integrity_check: inmac.key RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0000<tel:0000> - a5 cb a5 bb 4c 34 a7 bf-95 e9 00 23 1e 09 17 0c ....L4.....#.... RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0010<tel:0010> - 1c e1 3f d9 a7 42 d9 87-54 23 64 16 e5 e2 c3 76 ..?..B..T#d....v RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0020<tel:0020> - 2a bc 53 c6 85 78 81 eb-e4 3e fb f7 cc a3 1f 6e *.S..x...>.....n RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0030<tel:0030> - d9 a5 0e 73 d0 44 79 a9-d3 19 32 3b 26 92 bb 70 ...s.Dy...2;&..p<http://s.Dy...2;&..p> This is our input data to the hmac-sha-512 ----------------------------------------------------- RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: ssh_integrity_check: input.data to HMAC API RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0000<tel:0000> - 00 00 00 03 00 00 00 1c-0a 05 00 00 00 0c 73 73 ..............ss RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0010<tel:0010> - 68 2d 75 73 65 72 61 75-74 68 64 de 66 fb ab 31 h-userauthd.f..1 RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0020<tel:0020> - ba 7e 56 e5 .~V. The digest which is been sent from the twisted client side(Red) ----------------------------------------------------------------------- RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: ssh_integrity_check: digest RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0000<tel:0000> - 95 f7 99 27 48 28 35 da-62 92 0e 51 0f af 62 b1 ...'H(5.b..Q..b. RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0010<tel:0010> - 93 d1 4d 46 5f d9 21 7a-b9 fb 86 b6 6e 00 a3 aa ..MF_.!z....n... RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0020<tel:0020> - 84 a9 58 60 5e 1c 86 98-b4 1f 00 40 d5 72 aa cf ..X`^......@.r.. RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0030<tel:0030> - 4b 1d 05 2d a4 68 96 9c-7b c7 9d 83 1d c2 1d 5b K..-.h..{……[ The digest which got created from our side using the same key and input data mentioned above(Green) ——————————————————————————————————————————————————————————————— RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0000<tel:0000> - 36 36 5c 6e 2d be f1 d8-ae 4f 5a 72 30 2d 25 c0 66\n-....OZr0-%. RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0010<tel:0010> - 0e e8 d6 96 6e 10 38 af-65 15 51 ff a7 ca 7d b4 ....n.8.e.Q...}. RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0020<tel:0020> - 7c c8 15 b8 5a 9b 5e c4-b5 ac 4c 51 7e de 77 41 |...Z.^...LQ~.wA RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0030<tel:0030> - 32 63 61 5e f5 1a 31 d1-f7 89 d0 0b 11 3c 48 f6 2ca^..1......<H. If you see the details this is the useauth first packet and we are not able to proceed because of the failure. We used online tool to do this calculation and we are getting the same output as what we generated so the one marked as red is creating problem.So the root cause could be either the key which is been derived or the algorithm so to debug that we need to enable details logging from client side. We can share the details with respective engineer and show what we are facing. Please help. Online tool which we used to check our algorithm is: which result in same MAC marked as green. https://www.liavaag.org/English/SHA-Generator/HMAC/ Thanks, Jabir \|/ ------- ( o o ) oooO---O---Oooonull From: Alex Gaynor <alex.gaynor(a)gmail.com<mailto:alex.gaynor@gmail.com>> Date: Wednesday, 1 March 2017 6:39 am To: Itamar Turner-Trauring <itamar(a)itamarst.org<mailto:itamar@itamarst.org>> Cc: jabir mohammed <jamohamm(a)cisco.com<mailto:jamohamm@cisco.com>>, "security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>" <security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>> Subject: Re: FW: Regarding the SHA 512 support in twisted. Hi, I think I'm missing some context here, what part of twisted are you trying to use SHA-512 for a MAC with? It sounds like Conch? Can you show how I could reproduce the problem? Alex On Tue, Feb 28, 2017 at 8:06 PM, Itamar Turner-Trauring <itamar(a)itamarst.org<mailto:itamar@itamarst.org>> wrote: Hi, Forwarding on to security contact to see if they think it's a security problem; otherwise you can probably just file a normal ticket. On Tue, Feb 28, 2017, at 05:01 AM, jabir Mohammed (jamohamm) wrote: Hi Team, Wanted to cross check on SHA 512 algorithm as MAC while using twisted. Few of our customers started using Twisted and even we are trying to incorporate some scripts via twisted client. But what we have noticed is that when we negotiate SHA 512 MAC with twisted we always get a failure and other MAC algorithms are working fine with twisted. So wanted to cross check do we have any bug or any issue with SHA 512 and twisted and how we can debug this from twisted side. We checked the same with other OpenSSH client and even paramiko things work perfectly fine so wanted to debug further from the twisted side. We checked with the same derived key and the output whatever we got from SHA 512 is what we are getting from the online tool so we suspect something to do with the key or hash algorithm from the other side. We used the twisted 16.6.0 version for testing, thanks in advance for looking in to this email. Thanks, Jabir \|/ ------- ( o o ) oooO---O---Oooonull -- Itamar Turner-Trauring -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6 -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6

3 4

Re: [Twisted-Python] Regarding the SHA 512 support in twisted.
by jabir Mohammed (jamohamm) March 27, 2017

March 27, 2017

Its a security issue even you are allowing a weaker key in case of 64 bytes deriving only 40 bytes. Let me know how we issue a tracker bug can you please guide me. Since don’t want someone else to waist effort in debugging the same issue. Thanks, Jabir \|/ ------- ( o o ) oooO---O---Oooonull From: Alex Gaynor <alex.gaynor(a)gmail.com<mailto:alex.gaynor@gmail.com>> Date: Monday, 27 March 2017 4:34 pm To: jabir mohammed <jamohamm(a)cisco.com<mailto:jamohamm@cisco.com>> Cc: Itamar Turner-Trauring <itamar(a)itamarst.org<mailto:itamar@itamarst.org>>, "security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>" <security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>>, Twisted general discussion <twisted-python(a)twistedmatrix.com<mailto:twisted-python@twistedmatrix.com>>, "twisted-python-bounces(a)twistedmatrix.com<mailto:twisted-python-bounces@twistedmatrix.com>" <twisted-python-bounces(a)twistedmatrix.com<mailto:twisted-python-bounces@twistedmatrix.com>> Subject: Re: Regarding the SHA 512 support in twisted. This is not a security issue, so this address isn't the right place for this discussion. Please use the public twisted issue tracker. Alex On Mon, Mar 27, 2017 at 5:33 AM, jabir Mohammed (jamohamm) <jamohamm(a)cisco.com<mailto:jamohamm@cisco.com>> wrote: Hi Team, Wanted to bring one code changes which is really required from twisted side otherwise it is not behaving as per RFC (rfc4253 Section 7.2), twisted is failing when we negotiate any kex algorithm based on SHA1 and we have MAC as hmac-sha2-512. The reason for the failure was the below code hashProcessor = _kex.getHashProcessor(self.kexAlg) k1 = hashProcessor(sharedSecret + exchangeHash + c + self.sessionID) k1 = k1.digest() k2 = hashProcessor(sharedSecret + exchangeHash + k1).digest() return k1 + k2 For SHA512 we need 64 byte key and if the Kex is based on SHA1 then it will only generate 40 byte key and that induce a failure. So we need to modify the code as below to make it generic and make it comply with RFC (rfc4253 Section 7.2). So that twisted can work irrespective of what kex is been used. Actual code should plot in is like below hashProcessor = _kex.getHashProcessor(self.kexAlg) k1 = hashProcessor(sharedSecret + exchangeHash + c + self.sessionID) k1 = k1.digest() k2 = hashProcessor(sharedSecret + exchangeHash + k1).digest() k3 = hashProcessor(sharedSecret + exchangeHash + k1 + k2).digest() k4 = hashProcessor(sharedSecret + exchangeHash + k1 + k2 + k3).digest() return k1 + k2 + k3 + k4 Can somebody help me to plot this fix so that twisted will work fine with all the other servers out there and even make it comply to the RFC. Thanks in advance and this will be my first findings on twisted code ;). Please let me know in case of any doubt on the same. Code changes should be plotted in to the routine _getKey, file name is src/twisted/conch/ssh/transport.py . Please help me with this commit team. Thanks, Jabir \|/ ------- ( o o ) oooO---O---Oooonull From: Alex Gaynor <alex.gaynor(a)gmail.com<mailto:alex.gaynor@gmail.com>> Date: Wednesday, 1 March 2017 9:26 am To: jabir mohammed <jamohamm(a)cisco.com<mailto:jamohamm@cisco.com>> Cc: Itamar Turner-Trauring <itamar(a)itamarst.org<mailto:itamar@itamarst.org>>, "security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>" <security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>> Subject: Re: Regarding the SHA 512 support in twisted. This doesn't appear to be a security issue. You can file an issue on the public tracker. Alex On Tue, Feb 28, 2017 at 10:54 PM, jabir Mohammed (jamohamm) <jamohamm(a)cisco.com<mailto:jamohamm@cisco.com>> wrote: Thanks Alex for the response. In our server we added support of HMAC-SHA-512 and HMAC-SHA-256 support for MAC. When we try to negotiate this hmac with most of the other client like Paramiko, OpenSSH and other flavours of SSH its working fine. But we are seeing a problem with twisted client that too only with HMAC-SHA-512. We have a limitation from our side to debug this since we don’t know what is happening from the client side. We have taken our derived key for the HMAC and as well as the input to derive the MAC using online tools and it matches with whatever we have generated but whatever is been sent across the other Twisted side differs and we are closing the session. This is been tagged critical since most of the customers are migrating to Twisted and will be a deployment blocker for us. What we suspect is the key or the algorithm itself. Please see the snippet below This is our inmac Key ---------------------------- RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: ssh_integrity_check: inmac.key RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0000<tel:0000> - a5 cb a5 bb 4c 34 a7 bf-95 e9 00 23 1e 09 17 0c ....L4.....#.... RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0010<tel:0010> - 1c e1 3f d9 a7 42 d9 87-54 23 64 16 e5 e2 c3 76 ..?..B..T#d....v RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0020<tel:0020> - 2a bc 53 c6 85 78 81 eb-e4 3e fb f7 cc a3 1f 6e *.S..x...>.....n RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0030<tel:0030> - d9 a5 0e 73 d0 44 79 a9-d3 19 32 3b 26 92 bb 70 ...s.Dy...2;&..p<http://s.Dy...2;&..p> This is our input data to the hmac-sha-512 ----------------------------------------------------- RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: ssh_integrity_check: input.data to HMAC API RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0000<tel:0000> - 00 00 00 03 00 00 00 1c-0a 05 00 00 00 0c 73 73 ..............ss RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0010<tel:0010> - 68 2d 75 73 65 72 61 75-74 68 64 de 66 fb ab 31 h-userauthd.f..1 RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0020<tel:0020> - ba 7e 56 e5 .~V. The digest which is been sent from the twisted client side(Red) ----------------------------------------------------------------------- RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: ssh_integrity_check: digest RP/0/RSP0/CPU0:Feb 23 18:12:43.895 : SSHD_[65795]: 0000<tel:0000> - 95 f7 99 27 48 28 35 da-62 92 0e 51 0f af 62 b1 ...'H(5.b..Q..b. RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0010<tel:0010> - 93 d1 4d 46 5f d9 21 7a-b9 fb 86 b6 6e 00 a3 aa ..MF_.!z....n... RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0020<tel:0020> - 84 a9 58 60 5e 1c 86 98-b4 1f 00 40 d5 72 aa cf ..X`^......@.r.. RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0030<tel:0030> - 4b 1d 05 2d a4 68 96 9c-7b c7 9d 83 1d c2 1d 5b K..-.h..{……[ The digest which got created from our side using the same key and input data mentioned above(Green) ——————————————————————————————————————————————————————————————— RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0000<tel:0000> - 36 36 5c 6e 2d be f1 d8-ae 4f 5a 72 30 2d 25 c0 66\n-....OZr0-%. RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0010<tel:0010> - 0e e8 d6 96 6e 10 38 af-65 15 51 ff a7 ca 7d b4 ....n.8.e.Q...}. RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0020<tel:0020> - 7c c8 15 b8 5a 9b 5e c4-b5 ac 4c 51 7e de 77 41 |...Z.^...LQ~.wA RP/0/RSP0/CPU0:Feb 23 18:12:43.896 : SSHD_[65795]: 0030<tel:0030> - 32 63 61 5e f5 1a 31 d1-f7 89 d0 0b 11 3c 48 f6 2ca^..1......<H. If you see the details this is the useauth first packet and we are not able to proceed because of the failure. We used online tool to do this calculation and we are getting the same output as what we generated so the one marked as red is creating problem.So the root cause could be either the key which is been derived or the algorithm so to debug that we need to enable details logging from client side. We can share the details with respective engineer and show what we are facing. Please help. Online tool which we used to check our algorithm is: which result in same MAC marked as green. https://www.liavaag.org/English/SHA-Generator/HMAC/ Thanks, Jabir \|/ ------- ( o o ) oooO---O---Oooonull From: Alex Gaynor <alex.gaynor(a)gmail.com<mailto:alex.gaynor@gmail.com>> Date: Wednesday, 1 March 2017 6:39 am To: Itamar Turner-Trauring <itamar(a)itamarst.org<mailto:itamar@itamarst.org>> Cc: jabir mohammed <jamohamm(a)cisco.com<mailto:jamohamm@cisco.com>>, "security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>" <security(a)twistedmatrix.com<mailto:security@twistedmatrix.com>> Subject: Re: FW: Regarding the SHA 512 support in twisted. Hi, I think I'm missing some context here, what part of twisted are you trying to use SHA-512 for a MAC with? It sounds like Conch? Can you show how I could reproduce the problem? Alex On Tue, Feb 28, 2017 at 8:06 PM, Itamar Turner-Trauring <itamar(a)itamarst.org<mailto:itamar@itamarst.org>> wrote: Hi, Forwarding on to security contact to see if they think it's a security problem; otherwise you can probably just file a normal ticket. On Tue, Feb 28, 2017, at 05:01 AM, jabir Mohammed (jamohamm) wrote: Hi Team, Wanted to cross check on SHA 512 algorithm as MAC while using twisted. Few of our customers started using Twisted and even we are trying to incorporate some scripts via twisted client. But what we have noticed is that when we negotiate SHA 512 MAC with twisted we always get a failure and other MAC algorithms are working fine with twisted. So wanted to cross check do we have any bug or any issue with SHA 512 and twisted and how we can debug this from twisted side. We checked the same with other OpenSSH client and even paramiko things work perfectly fine so wanted to debug further from the twisted side. We checked with the same derived key and the output whatever we got from SHA 512 is what we are getting from the online tool so we suspect something to do with the key or hash algorithm from the other side. We used the twisted 16.6.0 version for testing, thanks in advance for looking in to this email. Thanks, Jabir \|/ ------- ( o o ) oooO---O---Oooonull -- Itamar Turner-Trauring -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6 -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6 -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6

2 2

[Twisted-Python] Weekly Bug Summary
by trac＠twistedmatrix.com March 25, 2017

March 25, 2017

1 0

[Twisted-Python] Is this turned on right now?
by Glyph Lefkowitz March 25, 2017

March 25, 2017

The answer should be "no", I believe it will bounce. -g

1 1

[Twisted-Python] in case there's downtime
by Glyph Lefkowitz March 25, 2017

March 25, 2017

We've been very conservative about upgrading our operating system on twistedmatrix.com <http://twistedmatrix.com/>, since we don't want to disrupt anything. Since our OS is one release too old to support Docker, that unfortunately means we haven't been able to migrate incrementally to containers, which creates a bit of a chicken-and-egg problem. However, as we are days away from the end-of-life cliff for the operating system as a whole, and as I discovered a few minutes ago, dozens of packages are already unsupported and not receiving security updates, I'm going to upgrade the host OS manually, even if it results in some disruption. As with the Twisted compatibility policy, security is a good enough reason to break stuff. Maybe we'll even get a new version of Mailman that will let me turn automatic subscriptions back on while the star-crossed https://lists.twistedmatrix.com <https://lists.twistedmatrix.com/> project waits for someone else to help out :-). -glyph

2 2

[Twisted-Python] Weekly Bug Summary
by trac＠twistedmatrix.com March 18, 2017

March 18, 2017

1 0