Diffstat (limited to 'pipermail/pycrypto/2015/000855.html')
-rw-r--r-- | pipermail/pycrypto/2015/000855.html | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/pipermail/pycrypto/2015/000855.html b/pipermail/pycrypto/2015/000855.html new file mode 100644 index 0000000..1dd6563 --- /dev/null +++ b/pipermail/pycrypto/2015/000855.html 
@@ -0,0 +1,122 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML> + <HEAD> + <TITLE> [pycrypto] Security of public_key.encrypt() and private_key.decrypt() + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20%3D%3Futf-8%3Fq%3FSecurity_of_public%3D5Fkey%3D2Eencrypt%3D28%3D29_and%3F%3D%0A%20%3D%3Futf-8%3Fq%3F_private%3D5Fkey%3D2Edecrypt%3D28%3D29%3F%3D&In-Reply-To=%3Ce2da767767d6485894048f9f21637889%40otpme.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <style type="text/css"> + pre { + white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */ + } + </style> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000853.html"> + <LINK REL="Next" HREF="000856.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[pycrypto] Security of public_key.encrypt() and private_key.decrypt()</H1> + <B>the2nd at otpme.org</B> + <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20%3D%3Futf-8%3Fq%3FSecurity_of_public%3D5Fkey%3D2Eencrypt%3D28%3D29_and%3F%3D%0A%20%3D%3Futf-8%3Fq%3F_private%3D5Fkey%3D2Edecrypt%3D28%3D29%3F%3D&In-Reply-To=%3Ce2da767767d6485894048f9f21637889%40otpme.org%3E" + TITLE="[pycrypto] Security of public_key.encrypt() and private_key.decrypt()">the2nd at otpme.org + </A><BR> + <I>Sat Oct 10 13:32:55 PDT 2015</I> + <P><UL> + <LI>Previous message: <A HREF="000853.html">[pycrypto] Verifying RSA signature generated by openssl +</A></li> + <LI>Next message: <A HREF="000856.html">[pycrypto] RIPEMD-160 self-test failure +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#855">[ date ]</a> + <a href="thread.html#855">[ thread ]</a> + <a href="subject.html#855">[ subject ]</a> + <a href="author.html#855">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Hi, + +I'm not sure if this is the right list to ask my question but i'll give +it a try. 
+ +After reading the docs and doing some tests i found out that the +encrypt()/decrypt() methods of the RSA key object exactly do what i need +for OTPme (<A HREF="http://www.otpme.org">http://www.otpme.org</A>). +My requirement is that the ciphertext for the same cleartext will always +be the same. Thats not the case when using a scheme like PKCS1_OAEP and +i guess that this behavior cannot be changed (probably for a good +reason). + +To be clear, i'm talking about this methods: +<A HREF="https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#encrypt">https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#encrypt</A> + +I guess the ciphertext generated by the methods above is vulnerable to +brute force attacks. If i encrypt the string "hello world" with the +public key and the resulting ciphertext is always the same its easy to +brute force. But are there any other security implications when using +this methods? + +My use case is the following: +- The user logs in using the OTPme PAM module which sends a auth request +the the OTPme server +- On success the server sends back a session password (32 char hex +string) +- The client generates a RSA key pair +- The session password is added to the otpme-agent which keeps it in +memory only +- The session password is encrypted with the RSA public key +- The encrypted session password along with the public key is saved to a +file +- The private key is encrypted using AES with the users password (or +some hardware token like the yubikey via HMAC challenge/response) +- The encrypted private key is saved to a file along with the offline +token data +- From time to time the agent does a renegotiation with the server and +gets a new session password +- The agent encrypts the old password with the public key from the +session file and checks if the ciphertext matches the one from the +session file + - Thats the reason for my initial requirement. 
Without this check an +attacker could create a fake session file with a public key he has the +private key for... +- The agent encrypts the new session password with the public key from +the session file and replaces the old encrypted session password with +the new one + +Thats the short version of what the OTPme client does. There are some +more things because it supports offline logins etc. but this should not +be important for my question. + +So my final question is. Is it secure to save a 32 char hex string +encrpyted with the public key encrypt() method? + +There are some other things i am unsure about when it comes to AES +encryption but thats for another mail.... + +regards +the2nd +</PRE> + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000853.html">[pycrypto] Verifying RSA signature generated by openssl +</A></li> + <LI>Next message: <A HREF="000856.html">[pycrypto] RIPEMD-160 self-test failure +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#855">[ date ]</a> + <a href="thread.html#855">[ thread ]</a> + <a href="subject.html#855">[ subject ]</a> + <a href="author.html#855">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto +mailing list</a><br> +</body></html> |
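Review bot: the `mailto:` HREF on both the `<LINK REL="made">` line and the author `<A>` line carries a raw `&` before `In-Reply-To=`. In an HTML 4.01 attribute value it should be written `&amp;In-Reply-To=`, so that a parser does not read it as the start of an entity reference. The two navigation blocks also open with `<P><UL>`, and a `<UL>` cannot sit inside a `<P>` under the declared Transitional doctype, so the `<P>` can be dropped. Minor: the CSS comment reads "curent FF" and the list items open as `<LI>` but close as `</li>`. If these archive pages are generated, the corrections belong in the generator's template rather than in this one file.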