1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [pycrypto] Bug in PyCrypto 2.6.1
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Bug%20in%20PyCrypto%202.6.1&In-Reply-To=%3C20141222222814.GA19693%40syra.lan%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000828.html">
<LINK REL="Next" HREF="000829.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[pycrypto] Bug in PyCrypto 2.6.1</H1>
<B>Dwayne Litzenberger</B>
<A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20Bug%20in%20PyCrypto%202.6.1&In-Reply-To=%3C20141222222814.GA19693%40syra.lan%3E"
TITLE="[pycrypto] Bug in PyCrypto 2.6.1">dlitz at dlitz.net
</A><BR>
<I>Mon Dec 22 14:28:14 PST 2014</I>
<P><UL>
<LI>Previous message: <A HREF="000828.html">[pycrypto] Bug in PyCrypto 2.6.1
</A></li>
<LI>Next message: <A HREF="000829.html">[pycrypto] Unable to compile PyCrypto 2.6.1 on windows + msvc compiler + python 3.4.2 64bit, missing python imports?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#830">[ date ]</a>
<a href="thread.html#830">[ thread ]</a>
<a href="subject.html#830">[ subject ]</a>
<a href="author.html#830">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On Fri, Dec 12, 2014 at 01:58:27PM +0100, Luis González Fernández wrote:
><i>Any news about this?
</I>
>>> from Crypto import __version__
>>> print(__version__)
2.0.1
>>> from Crypto.PublicKey import RSA
>>> import os
>>> RSA.generate(2048, os.urandom).size()
2047
Ugh. Yeah, this is yet another flaw in the design of
Crypto.PublicKey.pubkey. Unfortunately, this behavior has existed since
at least PyCrypto 2.0.1, so I don't think we should silently change it
at this point. The whole thing should probably be deprecated and
replaced, but at this point it might be better for new code to just use
pyca's RSA primitive:
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives.asymmetric import rsa
>>> k = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())
>>> k.key_size
2048
>>> # See docs: <A HREF="https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/">https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/</A>
I think it would be worth putting a warning and an example in the
docs/docstring about this.
Cheers,
- Dwayne
On Fri, Dec 12, 2014 at 01:58:27PM +0100, Luis González Fernández wrote:
><i>Hi All:
</I>><i>
</I>><i>Any news about this?
</I>><i>
</I>><i>
</I>><i>On 01/12/14 18:48, Lorenz Quack wrote:
</I>>><i> On 01/12/14 17:23, Mirko Dziadzka wrote:
</I>>>><i> Oh, I totally agree. Either the name or the implementation has a
</I>>>><i> problem.
</I>>><i>
</I>>><i> +1
</I>>><i>
</I>>>><i>
</I>>>><i> I was just pointing out that the behavior is consistent with the
</I>>>><i> documentation in
</I>>>><i> <A HREF="https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#size">https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#size</A>
</I>>><i>
</I>>><i> I disagree. As I showed in the code example and you pointed out in
</I>>><i> your previous post there are *some* values that the key can handle
</I>>><i> with more bits than reported by size().
</I>>><i> So, size() is *not* the "maximum number of bits that can be handled by
</I>>><i> this key".
</I>>><i> It is the maximum number of bits that is guaranteed to work for all
</I>>><i> values.
</I>>><i>
</I>>><i> Lorenz
</I>>><i>
</I>>>><i>
</I>>>><i> Mirko
</I>>>><i>
</I>>>><i>
</I>>>><i> On 01.12.2014, at 17:31, Paul Koning <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">paul_koning at dell.com</A>> wrote:
</I>>>><i>
</I>>>>><i> To me, key_size means the size of the key. It doesn’t mean the
</I>>>>><i> largest value you can encrypt. If that is what is intended, or if
</I>>>>><i> it has to stay that way for historical reasons, fine, but it needs
</I>>>>><i> to be very clearly pointed out in the documentation because it is
</I>>>>><i> unexpected and counterintuitive.
</I>>>>><i>
</I>>>>><i> paul
</I>>>>><i>
</I>>>>>><i> On Dec 1, 2014, at 11:13 AM, Mirko Dziadzka
</I>>>>>><i> <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">mirko.dziadzka at gmail.com</A>> wrote:
</I>>>>>><i>
</I>>>>>><i> HI
</I>>>>>><i>
</I>>>>>><i> Some thoughts about this …
</I>>>>>><i>
</I>>>>>>><i> _RSA.RSAobj.size.__doc__ says: Return the maximum number of bits
</I>>>>>>><i> that can be handled by this key
</I>>>>>><i>
</I>>>>>><i> An RSA key can only encrypt data smaller than this key. So if we
</I>>>>>><i> have an 2048 bit RSA key, it can encrypt some 2048 bit values, but
</I>>>>>><i> not all. So 2047 should be the safe value here.
</I>>>>>><i>
</I>>>>>><i> IMHO this -1 is correct here.
</I>>>>>><i>
</I>>>>>><i> Mirko
</I>>>>><i>
</I>>>>><i> _______________________________________________
</I>>>>><i> pycrypto mailing list
</I>>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>>>><i>
</I>>>><i> _______________________________________________
</I>>>><i> pycrypto mailing list
</I>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>>>><i>
</I>>><i>
</I>>><i> _______________________________________________
</I>>><i> pycrypto mailing list
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>><i>
</I>><i>--
</I>><i>
</I>><i>--
</I>><i>Luis González Fernández
</I>><i><A HREF="https://www.luisgf.es">https://www.luisgf.es</A>
</I>><i>PGP ID: C918B80F (DD6F BFC1 FC14 4C81 34F8 EA1E 6BCB C27F C918 B80F)
</I>><i>Twitter: @luisgf_2001 / Jabber: <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">luisgf at mijabber.es</A>
</I>><i>
</I>><i>
</I>
><i>_______________________________________________
</I>><i>pycrypto mailing list
</I>><i><A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>
</I>><i><A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>
</I>
--
Dwayne C. Litzenberger <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">dlitz at dlitz.net</A>>
OpenPGP: 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000828.html">[pycrypto] Bug in PyCrypto 2.6.1
</A></li>
<LI>Next message: <A HREF="000829.html">[pycrypto] Unable to compile PyCrypto 2.6.1 on windows + msvc compiler + python 3.4.2 64bit, missing python imports?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#830">[ date ]</a>
<a href="thread.html#830">[ thread ]</a>
<a href="subject.html#830">[ subject ]</a>
<a href="author.html#830">[ author ]</a>
</LI>
</UL>
<hr>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto
mailing list</a><br>
</body></html>
|
