attachment-0001.html\91c526c7\20120412\attachments\pycrypto\pipermail - delta/python-packages/pycrypto.git

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

<tt>
&lt;span&nbsp;class=&quot;gD&quot;&gt;Legrandin&nbsp;thank&nbsp;you&nbsp;for&nbsp;your&nbsp;help.&lt;br&gt;When&nbsp;i&nbsp;have&nbsp;time&nbsp;i&nbsp;will&nbsp;put&nbsp;something&nbsp;on&nbsp;pastebin&nbsp;so&nbsp;it&nbsp;can&nbsp;serve&nbsp;as&nbsp;example&nbsp;for&nbsp;future&nbsp;members&nbsp;that&nbsp;require&nbsp;this&nbsp;type&nbsp;of&nbsp;solution&nbsp;:)&lt;br&gt;&lt;br&gt;Regards&lt;br&gt;A/T&lt;br&gt;&lt;/span&gt;&lt;br&gt;<br>
&lt;div&nbsp;class=&quot;gmail_quote&quot;&gt;2012/4/11&nbsp;Legrandin&nbsp;&lt;span&nbsp;dir=&quot;ltr&quot;&gt;&lt;&lt;a&nbsp;href=&quot;mailto:gooksankoo@hoiptorrow.mailexpire.com&quot;&gt;gooksankoo@hoiptorrow.mailexpire.com&lt;/a&gt;&gt;&lt;/span&gt;&lt;br&gt;&lt;blockquote&nbsp;class=&quot;gmail_quote&quot;&nbsp;style=&quot;margin:0pt&nbsp;0pt&nbsp;0pt&nbsp;0.8ex;border-left:1px&nbsp;solid&nbsp;rgb(204,204,204);padding-left:1ex&quot;&gt;<br>
&lt;div&nbsp;class=&quot;im&quot;&gt;&gt;&nbsp;So&nbsp;after&nbsp;a&nbsp;small&nbsp;search&nbsp;i&nbsp;found&nbsp;out&nbsp;that&nbsp;if&nbsp;i&nbsp;increase&nbsp;the&nbsp;RSA&nbsp;Modulus&nbsp;i&#39;m&lt;br&gt;<br>
&gt;&nbsp;able&nbsp;to&nbsp;encrypt&nbsp;larger&nbsp;number&nbsp;of&nbsp;bits&nbsp;(&nbsp;makes&nbsp;sense&nbsp;) &nbsp;but&nbsp;this&nbsp;feels&nbsp;dirty.&lt;br&gt;<br>
&gt;&lt;br&gt;<br>
&gt;&nbsp;What&nbsp;do&nbsp;your&nbsp;guys&nbsp;recommend&nbsp;?&lt;br&gt;<br>
&gt;&lt;br&gt;<br>
&gt;&nbsp;Breaking&nbsp;the&nbsp;data&nbsp;in&nbsp;chunks&nbsp;and&nbsp;encrypting&nbsp;part&nbsp;by&nbsp;part&nbsp;joining&nbsp;it&nbsp;all&nbsp;in&nbsp;a&lt;br&gt;<br>
&gt;&nbsp;buffer&nbsp;and&nbsp;send&nbsp;it&nbsp;down&nbsp;the&nbsp;socket&nbsp;all&nbsp;in&nbsp;one&nbsp;with&nbsp;the&nbsp;other&nbsp;server&lt;br&gt;<br>
&gt;&nbsp;decrypting&nbsp;part&nbsp;by&nbsp;part&nbsp;and&nbsp;merging&nbsp;the&nbsp;data&nbsp;again&nbsp;?&lt;br&gt;<br>
&gt;&lt;br&gt;<br>
&gt;&nbsp;P.S&nbsp;-&nbsp;I&nbsp;dont&nbsp;mind&nbsp;fishing&nbsp;by&nbsp;myself&nbsp;just&nbsp;trying&nbsp;to&nbsp;understand&nbsp;the&nbsp;best&nbsp;&quot;way&lt;br&gt;<br>
&gt;&nbsp;/&nbsp;more&nbsp;correct&nbsp;way&nbsp;&quot;&nbsp;to&nbsp;do&nbsp;it&nbsp;:)&lt;br&gt;<br>
&lt;br&gt;<br>
&lt;/div&gt;Hi&nbsp;Antonio,&lt;br&gt;<br>
&lt;br&gt;<br>
Increasing&nbsp;the&nbsp;RSA&nbsp;key&nbsp;length&nbsp;is&nbsp;not&nbsp;&quot;dirty&quot;:&nbsp;it&nbsp;simply&nbsp;increases&lt;br&gt;<br>
security&nbsp;(and&nbsp;incidentally&nbsp;useful&nbsp;payload&nbsp;size)&nbsp;at&nbsp;the&nbsp;expense&nbsp;of&lt;br&gt;<br>
decryption&nbsp;speed.&lt;br&gt;<br>
If&nbsp;decryption&nbsp;speed&nbsp;is&nbsp;not&nbsp;that&nbsp;important&nbsp;to&nbsp;you,&nbsp;and&nbsp;you&nbsp;have&nbsp;a&nbsp;clear&lt;br&gt;<br>
idea&nbsp;on&nbsp;how&nbsp;long&nbsp;you&nbsp;data&nbsp;can&nbsp;be&nbsp;at&nbsp;most,&nbsp;go&nbsp;ahead&nbsp;and&nbsp;increase&nbsp;the&lt;br&gt;<br>
key&nbsp;size.&nbsp;The&nbsp;time&nbsp;you&nbsp;gain&nbsp;by&nbsp;taking&nbsp;this&nbsp;approach&nbsp;can&nbsp;be&nbsp;spent&nbsp;on&lt;br&gt;<br>
important&nbsp;tasks&nbsp;like&nbsp;making&nbsp;the&nbsp;private&nbsp;key&nbsp;secure,&nbsp;or&nbsp;adding&nbsp;some&lt;br&gt;<br>
form&nbsp;of&nbsp;authentication&nbsp;to&nbsp;your&nbsp;protocol.&lt;br&gt;<br>
&lt;br&gt;<br>
The&nbsp;&quot;proper&quot;&nbsp;way&nbsp;to&nbsp;do&nbsp;encryption&nbsp;would&nbsp;be&nbsp;to&nbsp;create&nbsp;a&nbsp;random&nbsp;AES&lt;br&gt;<br>
session&nbsp;key&nbsp;(16&nbsp;bytes),&nbsp;encrypt&nbsp;it&nbsp;with&nbsp;RSA&nbsp;(hopefully&nbsp;at&nbsp;least&nbsp;2048&lt;br&gt;<br>
bit&nbsp;long),&nbsp;send&nbsp;it,&nbsp;pad&nbsp;the&nbsp;data,&nbsp;encrypt&nbsp;it&nbsp;with&nbsp;AES,&nbsp;send&nbsp;it.&lt;br&gt;<br>
Additionally,&nbsp;you&nbsp;should&nbsp;also&nbsp;sign&nbsp;the&nbsp;data&nbsp;and&nbsp;send&nbsp;the&nbsp;signature&lt;br&gt;<br>
along.&lt;br&gt;<br>
&lt;br&gt;<br>
At&nbsp;the&nbsp;receiving&nbsp;end,&nbsp;you&nbsp;decrypt&nbsp;the&nbsp;session&nbsp;key&nbsp;with&nbsp;RSA,&nbsp;decrypt&lt;br&gt;<br>
the&nbsp;data&nbsp;with&nbsp;AES,&nbsp;unpad&nbsp;the&nbsp;data,&nbsp;and&nbsp;verify&nbsp;its&nbsp;signature.&lt;br&gt;<br>
_______________________________________________&lt;br&gt;<br>
pycrypto&nbsp;mailing&nbsp;list&lt;br&gt;<br>
&lt;a&nbsp;href=&quot;mailto:pycrypto@lists.dlitz.net&quot;&gt;pycrypto@lists.dlitz.net&lt;/a&gt;&lt;br&gt;<br>
&lt;a&nbsp;href=&quot;http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto&quot;&nbsp;target=&quot;_blank&quot;&gt;http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto&lt;/a&gt;&lt;br&gt;<br>
&lt;/blockquote&gt;&lt;/div&gt;&lt;br&gt;<br>

</tt>