Diffstat (limited to 'pipermail/pycrypto/attachments/20120412/91c526c7/attachment.html')
-rw-r--r-- | pipermail/pycrypto/attachments/20120412/91c526c7/attachment.html | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/pipermail/pycrypto/attachments/20120412/91c526c7/attachment.html b/pipermail/pycrypto/attachments/20120412/91c526c7/attachment.html new file mode 100644 index 0000000..ae9d20e --- /dev/null +++ b/pipermail/pycrypto/attachments/20120412/91c526c7/attachment.html 
@@ -0,0 +1,41 @@ +<tt> +<span class="gD">Legrandin thank you for your help.<br>When i have time i will put something on pastebin so it can serve as example for future members that require this type of solution :)<br><br>Regards<br>A/T<br></span><br><br> +<div class="gmail_quote">2012/4/11 Legrandin <span dir="ltr"><<a href="mailto:gooksankoo@hoiptorrow.mailexpire.com">gooksankoo@hoiptorrow.mailexpire.com</a>></span><br><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br> +<div class="im">> So after a small search i found out that if i increase the RSA Modulus i'm<br><br> +> able to encrypt larger number of bits ( makes sense ) but this feels dirty.<br><br> +><br><br> +> What do your guys recommend ?<br><br> +><br><br> +> Breaking the data in chunks and encrypting part by part joining it all in a<br><br> +> buffer and send it down the socket all in one with the other server<br><br> +> decrypting part by part and merging the data again ?<br><br> +><br><br> +> P.S - I dont mind fishing by myself just trying to understand the best "way<br><br> +> / more correct way " to do it :)<br><br> +<br><br> +</div>Hi Antonio,<br><br> +<br><br> +Increasing the RSA key length is not "dirty": it simply increases<br><br> +security (and incidentally useful payload size) at the expense of<br><br> +decryption speed.<br><br> +If decryption speed is not that important to you, and you have a clear<br><br> +idea on how long you data can be at most, go ahead and increase the<br><br> +key size. 
The time you gain by taking this approach can be spent on<br><br> +important tasks like making the private key secure, or adding some<br><br> +form of authentication to your protocol.<br><br> +<br><br> +The "proper" way to do encryption would be to create a random AES<br><br> +session key (16 bytes), encrypt it with RSA (hopefully at least 2048<br><br> +bit long), send it, pad the data, encrypt it with AES, send it.<br><br> +Additionally, you should also sign the data and send the signature<br><br> +along.<br><br> +<br><br> +At the receiving end, you decrypt the session key with RSA, decrypt<br><br> +the data with AES, unpad the data, and verify its signature.<br><br> +_______________________________________________<br><br> +pycrypto mailing list<br><br> +<a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +</blockquote></div><br><br> + +</tt> |
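Review bot: the mailing-list footer link at the end of the added file is emitted with `target="_blank"` and no `rel="noopener noreferrer"`, so in browsers that do not default to noopener the opened page receives a `window.opener` reference back to the archive page. Add the `rel` attribute when attachments are written out, or drop `target="_blank"`. The `mailto:` anchors in the quoted-reply header and in the footer also carry addresses in clear text; if the archive obfuscates addresses in message bodies, the same treatment should apply to HTML attachments. More generally, this file is sender-controlled markup (the `gmail_quote` classes and inline `style` come straight from the mail client), so it is worth passing attachments through an allow-list sanitizer or serving them as text/plain, so that nothing active from a message can run on the archive's origin.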