summaryrefslogtreecommitdiff
path: root/pipermail/pycrypto/attachments/20130114/70344e4b/attachment.html
blob: 8ff7100fd2367a4c5e9082a654d231eac40cc366 (plain) 
1
2
3
4
5
6
7
8
9
10

<tt>
Hi&nbsp;Pearu,&lt;br&gt;&lt;br&gt;&lt;div&nbsp;class=&quot;gmail_quote&quot;&gt;&lt;blockquote&nbsp;class=&quot;gmail_quote&quot;&nbsp;style=&quot;margin:0&nbsp;0&nbsp;0&nbsp;.8ex;border-left:1px&nbsp;#ccc&nbsp;solid;padding-left:1ex&quot;&gt;&lt;div&nbsp;dir=&quot;ltr&quot;&gt;&lt;div&gt;&lt;br&gt;&gt;&gt;&gt;&nbsp;import&nbsp;pickle&lt;br&gt;&gt;&gt;&gt;&nbsp;from&nbsp;Crypto.Cipher&nbsp;import&nbsp;AES&lt;br&gt;<br>
&gt;&gt;&gt;&nbsp;cipher&nbsp;=&nbsp;AES.new(&#39;mysecret&#39;*2)&lt;br&gt;<br>
&gt;&gt;&gt;&nbsp;dump=pickle.dumps(cipher)&lt;br&gt;PicklingError:&nbsp;Can&#39;t&nbsp;pickle&nbsp;&#39;_AES&#39;&nbsp;object:&nbsp;&lt;_AES&nbsp;object&nbsp;at&nbsp;0x1fe0bd0&gt;&lt;br&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;I&nbsp;wonder&nbsp;if&nbsp;there&nbsp;are&nbsp;any&nbsp;fundamental&nbsp;reasons&nbsp;why&nbsp;pickling&nbsp;cipher&nbsp;objects&nbsp;cannot&lt;br&gt;<br>
<br>
be&nbsp;pickled?&nbsp;Otherwise&nbsp;I&nbsp;would&nbsp;look&nbsp;into&nbsp;implementing&nbsp;pickling&nbsp;support&nbsp;for&nbsp;cipher&nbsp;objects.&lt;br&gt;&lt;br&gt;&lt;/div&gt;I&nbsp;would&nbsp;presume&nbsp;that&nbsp;storing&nbsp;cipher&nbsp;object&nbsp;is&nbsp;safer&nbsp;(would&nbsp;it&nbsp;be?)&lt;br&gt;&lt;div&gt;than&nbsp;storing&nbsp;an&nbsp;encryption&nbsp;key&nbsp;used&nbsp;to&nbsp;create&nbsp;the&nbsp;cipher&nbsp;object.&lt;br&gt;<br>
&lt;/div&gt;&lt;/div&gt;&lt;/blockquote&gt;&lt;div&gt;&lt;br&gt;Pickling&nbsp;a&nbsp;cipher&nbsp;object&nbsp;is&nbsp;actually&nbsp;less&nbsp;secure.&lt;br&gt;&lt;br&gt;First,&nbsp;it&nbsp;cannot&nbsp;be&nbsp;more&nbsp;secure&nbsp;because&nbsp;anybody&nbsp;can&nbsp;easily&nbsp;find&nbsp;back&nbsp;the&nbsp;key&nbsp;from&nbsp;the&nbsp;pickled&nbsp;blob.&lt;br&gt;&lt;br&gt;Second&nbsp;-&nbsp;and&nbsp;with&nbsp;the&nbsp;only&nbsp;exception&nbsp;of&nbsp;ECB&nbsp;mode&nbsp;-&nbsp;a&nbsp;cipher&nbsp;object&nbsp;is&nbsp;always&nbsp;stateful:&nbsp;it&nbsp;depends&nbsp;on&nbsp;the&nbsp;key,&nbsp;but&nbsp;also&nbsp;on&nbsp;the&nbsp;IV/nonce,&nbsp;and&nbsp;on&nbsp;the&nbsp;data&nbsp;you&nbsp;have&nbsp;processed&nbsp;so&nbsp;far.&nbsp;Pickling&nbsp;will&nbsp;make&nbsp;only&nbsp;sense&nbsp;if&nbsp;the&nbsp;encryption&nbsp;process&nbsp;has&nbsp;to&nbsp;be&nbsp;paused&nbsp;half-way&nbsp;so&nbsp;tat&nbsp;it&nbsp;can&nbsp;be&nbsp;resumed&nbsp;at&nbsp;a&nbsp;later&nbsp;moment.&nbsp;Not&nbsp;really&nbsp;a&nbsp;common&nbsp;use&nbsp;case.&lt;br&gt;<br>
&lt;br&gt;Pickling&nbsp;a&nbsp;cipher&nbsp;and&nbsp;reusing&nbsp;later&nbsp;for&nbsp;a&nbsp;totally&nbsp;different&nbsp;encryption&nbsp;will&nbsp;lead&nbsp;to&nbsp;IV/nonce&nbsp;reuse,&nbsp;which&nbsp;is&nbsp;definitely&nbsp;bad,&nbsp;especially&nbsp;for&nbsp;stream&nbsp;cipher-like&nbsp;modes.&lt;br&gt;&lt;/div&gt;&lt;/div&gt;<br>

</tt>
View Lorry Controller Status