1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [pycrypto] Bug in PyCrypto 2.6.1
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Bug%20in%20PyCrypto%202.6.1&In-Reply-To=%3C5D16DD8B-67CB-429C-9BF0-42D5F1C787AE%40gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000823.html">
<LINK REL="Next" HREF="000825.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[pycrypto] Bug in PyCrypto 2.6.1</H1>
<B>Mirko Dziadzka</B>
<A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Bug%20in%20PyCrypto%202.6.1&In-Reply-To=%3C5D16DD8B-67CB-429C-9BF0-42D5F1C787AE%40gmail.com%3E"
TITLE="[pycrypto] Bug in PyCrypto 2.6.1">mirko.dziadzka at gmail.com
</A><BR>
<I>Mon Dec 1 08:13:12 PST 2014</I>
<P><UL>
<LI>Previous message: <A HREF="000823.html">[pycrypto] Bug in PyCrypto 2.6.1
</A></li>
<LI>Next message: <A HREF="000825.html">[pycrypto] Bug in PyCrypto 2.6.1
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#824">[ date ]</a>
<a href="thread.html#824">[ thread ]</a>
<a href="subject.html#824">[ subject ]</a>
<a href="author.html#824">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>HI
Some thoughts about this …
><i> _RSA.RSAobj.size.__doc__ says: Return the maximum number of bits that can be handled by this key
</I>
An RSA key can only encrypt data smaller than this key. So if we have an 2048 bit RSA key, it can encrypt some 2048 bit values, but not all. So 2047 should be the safe value here.
IMHO this -1 is correct here.
Mirko
On 01.12.2014, at 16:23, Lorenz Quack <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>> wrote:
><i> Hi Luis,
</I>><i>
</I>><i> Thanks for reporting!
</I>><i> I agree that this seems like strange/wrong behaviour.
</I>><i> Especially when realise that the docs seem to contradict the behaviour.
</I>><i> _RSA.RSAobj.size.__doc__ says: Return the maximum number of bits that can be handled by this key.
</I>><i> But this works fine:
</I>><i> >>> key.encrypt(1<<key.size(), "")
</I>><i> Note that 1 << x has x+1 bits so that the above key happily encrypts key.size()+1 bits.
</I>><i>
</I>><i> The only thing holding me back from strait out calling it a bug is that
</I>><i> 1) this is very old code dating back to 2003.
</I>><i> and 2) the -1 is actively coded there but with out explanation
</I>><i>
</I>><i> As a pointer to others the relevant places are:
</I>><i> /lib/Crypto/PublicKey/_RSA.py:80
</I>><i> /src/_fastmath.c:949
</I>><i>
</I>><i> If it is decided that this is a bug and should be fixed one should also look at other keys, e.g. DSA which seems to do the same -1 calculation.
</I>><i>
</I>><i> Cheers,
</I>><i> Lorenz
</I>><i>
</I>><i>
</I>><i>
</I>><i> On 01/12/14 07:35, Luis González Fernández wrote:
</I>>><i> Hello All:
</I>>><i>
</I>>><i>
</I>>><i> I found a strange bug in size() function that return a wrong key size after creating or importing an RSA key. The return
</I>>><i> value for the size funciont seems to be keysize-1.
</I>>><i>
</I>>><i> Here a demo of the bug:
</I>>><i>
</I>>><i>
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">luisgf at NCC1701B</A>:~$ python3
</I>>><i> Python 3.4.0 (default, Apr 11 2014, 13:05:11)
</I>>><i> [GCC 4.8.2] on linux
</I>>><i> Type "help", "copyright", "credits" or "license" for more information.
</I>>><i> >>> from Crypto.PublicKey import RSA
</I>>><i> >>> key = RSA.generate(2048)
</I>>><i> >>> key.size()
</I>>><i> 2047
</I>>><i> >>>
</I>>><i>
</I>>><i>
</I>>><i> Regards.
</I>>><i>
</I>>><i> --
</I>>><i>
</I>>><i> --
</I>>><i> Luis González Fernández
</I>>><i> <A HREF="https://www.luisgf.es">https://www.luisgf.es</A>
</I>>><i> PGP ID: C918B80F (DD6F BFC1 FC14 4C81 34F8 EA1E 6BCB C27F C918 B80F)
</I>>><i> Twitter: @luisgf_2001 / Jabber:<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">luisgf at mijabber.es</A>
</I>>><i>
</I>>><i>
</I>>><i>
</I>>><i> _______________________________________________
</I>>><i> pycrypto mailing list
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>>><i>
</I>><i>
</I>><i> _______________________________________________
</I>><i> pycrypto mailing list
</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000823.html">[pycrypto] Bug in PyCrypto 2.6.1
</A></li>
<LI>Next message: <A HREF="000825.html">[pycrypto] Bug in PyCrypto 2.6.1
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#824">[ date ]</a>
<a href="thread.html#824">[ thread ]</a>
<a href="subject.html#824">[ subject ]</a>
<a href="author.html#824">[ author ]</a>
</LI>
</UL>
<hr>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto
mailing list</a><br>
</body></html>
|
