diff options
Diffstat (limited to 'pipermail/pycrypto/2014q4/000830.html')
-rw-r--r-- | pipermail/pycrypto/2014q4/000830.html | 188 |
1 files changed, 188 insertions, 0 deletions
diff --git a/pipermail/pycrypto/2014q4/000830.html b/pipermail/pycrypto/2014q4/000830.html new file mode 100644 index 0000000..e6195e9 --- /dev/null +++ b/pipermail/pycrypto/2014q4/000830.html @@ -0,0 +1,188 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML> + <HEAD> + <TITLE> [pycrypto] Bug in PyCrypto 2.6.1 + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Bug%20in%20PyCrypto%202.6.1&In-Reply-To=%3C20141222222814.GA19693%40syra.lan%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <style type="text/css"> + pre { + white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */ + } + </style> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000828.html"> + <LINK REL="Next" HREF="000829.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[pycrypto] Bug in PyCrypto 2.6.1</H1> + <B>Dwayne Litzenberger</B> + <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Bug%20in%20PyCrypto%202.6.1&In-Reply-To=%3C20141222222814.GA19693%40syra.lan%3E" + TITLE="[pycrypto] Bug in PyCrypto 2.6.1">dlitz at dlitz.net + </A><BR> + <I>Mon Dec 22 14:28:14 PST 2014</I> + <P><UL> + <LI>Previous message: <A HREF="000828.html">[pycrypto] Bug in PyCrypto 2.6.1 +</A></li> + <LI>Next message: <A HREF="000829.html">[pycrypto] Unable to compile PyCrypto 2.6.1 on windows + msvc compiler + python 3.4.2 64bit, missing python imports? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#830">[ date ]</a> + <a href="thread.html#830">[ thread ]</a> + <a href="subject.html#830">[ subject ]</a> + <a href="author.html#830">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Fri, Dec 12, 2014 at 01:58:27PM +0100, Luis González Fernández wrote: +><i>Any news about this? +</I> + >>> from Crypto import __version__ + >>> print(__version__) + 2.0.1 + >>> from Crypto.PublicKey import RSA + >>> import os + >>> RSA.generate(2048, os.urandom).size() + 2047 + +Ugh. Yeah, this is yet another flaw in the design of +Crypto.PublicKey.pubkey. Unfortunately, this behavior has existed since +at least PyCrypto 2.0.1, so I don't think we should silently change it +at this point. The whole thing should probably be deprecated and +replaced, but at this point it might be better for new code to just use +pyca's RSA primitive: + + >>> from cryptography.hazmat.backends import default_backend + >>> from cryptography.hazmat.primitives.asymmetric import rsa + >>> k = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()) + >>> k.key_size + 2048 + >>> # See docs: <A HREF="https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/">https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/</A> + +I think it would be worth putting a warning and an example in the +docs/docstring about this. + +Cheers, +- Dwayne + +On Fri, Dec 12, 2014 at 01:58:27PM +0100, Luis González Fernández wrote: +><i>Hi All: +</I>><i> +</I>><i>Any news about this? +</I>><i> +</I>><i> +</I>><i>On 01/12/14 18:48, Lorenz Quack wrote: +</I>>><i> On 01/12/14 17:23, Mirko Dziadzka wrote: +</I>>>><i> Oh, I totally agree. Either the name or the implementation has a +</I>>>><i> problem. +</I>>><i> +</I>>><i> +1 +</I>>><i> +</I>>>><i> +</I>>>><i> I was just pointing out that the behavior is consistent with the +</I>>>><i> documentation in +</I>>>><i> <A HREF="https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#size">https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#size</A> +</I>>><i> +</I>>><i> I disagree. As I showed in the code example and you pointed out in +</I>>><i> your previous post there are *some* values that the key can handle +</I>>><i> with more bits than reported by size(). +</I>>><i> So, size() is *not* the "maximum number of bits that can be handled by +</I>>><i> this key". +</I>>><i> It is the maximum number of bits that is guaranteed to work for all +</I>>><i> values. +</I>>><i> +</I>>><i> Lorenz +</I>>><i> +</I>>>><i> +</I>>>><i> Mirko +</I>>>><i> +</I>>>><i> +</I>>>><i> On 01.12.2014, at 17:31, Paul Koning <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">paul_koning at dell.com</A>> wrote: +</I>>>><i> +</I>>>>><i> To me, key_size means the size of the key. It doesn’t mean the +</I>>>>><i> largest value you can encrypt. If that is what is intended, or if +</I>>>>><i> it has to stay that way for historical reasons, fine, but it needs +</I>>>>><i> to be very clearly pointed out in the documentation because it is +</I>>>>><i> unexpected and counterintuitive. +</I>>>>><i> +</I>>>>><i> paul +</I>>>>><i> +</I>>>>>><i> On Dec 1, 2014, at 11:13 AM, Mirko Dziadzka +</I>>>>>><i> <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">mirko.dziadzka at gmail.com</A>> wrote: +</I>>>>>><i> +</I>>>>>><i> HI +</I>>>>>><i> +</I>>>>>><i> Some thoughts about this … +</I>>>>>><i> +</I>>>>>>><i> _RSA.RSAobj.size.__doc__ says: Return the maximum number of bits +</I>>>>>>><i> that can be handled by this key +</I>>>>>><i> +</I>>>>>><i> An RSA key can only encrypt data smaller than this key. So if we +</I>>>>>><i> have an 2048 bit RSA key, it can encrypt some 2048 bit values, but +</I>>>>>><i> not all. So 2047 should be the safe value here. +</I>>>>>><i> +</I>>>>>><i> IMHO this -1 is correct here. +</I>>>>>><i> +</I>>>>>><i> Mirko +</I>>>>><i> +</I>>>>><i> _______________________________________________ +</I>>>>><i> pycrypto mailing list +</I>>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> +</I>>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I>>>><i> +</I>>>><i> _______________________________________________ +</I>>>><i> pycrypto mailing list +</I>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> +</I>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I>>>><i> +</I>>><i> +</I>>><i> _______________________________________________ +</I>>><i> pycrypto mailing list +</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> +</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I>><i> +</I>><i>-- +</I>><i> +</I>><i>-- +</I>><i>Luis González Fernández +</I>><i><A HREF="https://www.luisgf.es">https://www.luisgf.es</A> +</I>><i>PGP ID: C918B80F (DD6F BFC1 FC14 4C81 34F8 EA1E 6BCB C27F C918 B80F) +</I>><i>Twitter: @luisgf_2001 / Jabber: <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">luisgf at mijabber.es</A> +</I>><i> +</I>><i> +</I> + + +><i>_______________________________________________ +</I>><i>pycrypto mailing list +</I>><i><A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> +</I>><i><A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I> + +-- +Dwayne C. Litzenberger <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">dlitz at dlitz.net</A>> + OpenPGP: 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7 +</PRE> + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000828.html">[pycrypto] Bug in PyCrypto 2.6.1 +</A></li> + <LI>Next message: <A HREF="000829.html">[pycrypto] Unable to compile PyCrypto 2.6.1 on windows + msvc compiler + python 3.4.2 64bit, missing python imports? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#830">[ date ]</a> + <a href="thread.html#830">[ thread ]</a> + <a href="subject.html#830">[ subject ]</a> + <a href="author.html#830">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto +mailing list</a><br> +</body></html> |