SHA-based encryption function in Python

Richard Parker richard at electrophobia.com
Wed Apr 24 02:33:53 EDT 2002


in article 7x3cxlk7qb.fsf at ruckus.brouhaha.com, Paul Rubin at
phr-n2002a at nightsong.com wrote on 4/23/02 10:04 PM:

> I've put together an encryption function written in Python using the
> SHA module to provide a keystream in output feedback mode.

I just took a quick look at your Python code.  I'd encourage you to not use
the secret prefix method to construct a MAC from a hash function, i.e.
MAC(x) = H(K || x).  This method is generally considered to be insecure.
Use the HMAC construction instead.

> ...this function makes a nonce based on the key and plaintext as well
> as the current time and an internal state based on the time of
> initialization and the values of previously issued nonces.  It
> currently doesn't try to use any other system-dependent entropy.

The ciphertext and key passed to the decryption function could be used as
additional sources of entropy for your "_state" variable.

> It's possible that a nonce could get re-used if two separate Python
> instances simultaneously encrypt the same plaintext with the same key.
> That could happen, for example, on a cgi web server where two requests
> come in very close together and each starts its own Python instance.
> That could be a security failure in some applications, but hopefully
> not many.

Perhaps you could add a function to your API that would allow the programmer
using your API to provide an additional source of entropy.  This would
enable the hypothetical programmer of the CGI using your library to fix the
problem by using information from the HTTP requests as a source of entropy.

-Richard
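The two points above in working code, as an added example that is not part of this thread and not Paul Rubin's module: HMAC built from its definition (so it can be checked against the standard library), a constant-time tag check, and a nonce generator in the style the quoted post describes with the extra entropy hook the reply suggests.  hashlib.sha1 stands in for the old sha module; NonceGenerator, add_entropy and the fixed timestamp are assumptions made for illustration.

```python
import hashlib
import hmac
import time

BLOCK_SIZE = 64  # SHA-1 compression-function block size in bytes


def secret_prefix_mac(key: bytes, msg: bytes) -> bytes:
    """MAC(x) = H(K || x): the construction the reply advises against.
    Included only for contrast; it is not a safe MAC."""
    return hashlib.sha1(key + msg).digest()


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    """HMAC from the RFC 2104 definition:
    HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)),
    where K' is the key hashed if longer than a block, then zero-padded."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + msg).digest()
    return hashlib.sha1(opad + inner).digest()


def hmac_matches_stdlib() -> bool:
    """Self-check: the hand-built HMAC agrees with hmac.new for short,
    block-sized and over-long keys."""
    for key in (b"Jefe", b"\x0b" * 20, b"k" * BLOCK_SIZE, b"k" * 100):
        if hmac_sha1(key, b"Hi There") != hmac.new(key, b"Hi There", hashlib.sha1).digest():
            return False
    return True


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison so timing does not reveal how many tag bytes matched."""
    return hmac.compare_digest(hmac_sha1(key, msg), tag)


class NonceGenerator:
    """Nonce derivation in the style the quoted post describes: a state seeded
    at initialisation and updated with every nonce issued, hashed together
    with the key, the plaintext and the current time.  add_entropy() is the
    extra API hook the reply suggests, so a caller such as a CGI script can
    mix in per-request data.  (Hypothetical class, not from the thread.)"""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._counter = 0
        self._state = hashlib.sha1(repr(clock()).encode()).digest()

    def add_entropy(self, data: bytes) -> None:
        # Fold caller-supplied entropy into the internal state.
        self._state = hashlib.sha1(self._state + data).digest()

    def next_nonce(self, key: bytes, plaintext: bytes) -> bytes:
        self._counter += 1
        material = (self._state + key + plaintext
                    + repr(self._clock()).encode()
                    + self._counter.to_bytes(8, "big"))
        nonce = hashlib.sha1(material).digest()
        # Previously issued nonces feed back into the state.
        self._state = hashlib.sha1(self._state + nonce).digest()
        return nonce


def nonce_collision_demo(extra_entropy: bytes = b"") -> bool:
    """Two independent generators started at the same clock reading (as two
    CGI processes handling near-simultaneous requests might be) encrypting
    the same plaintext under the same key.  Returns True if both issue the
    same nonce, i.e. the failure mode the quoted post worries about."""
    def frozen_clock():
        return 1019613833.0  # constructed fixed timestamp, same for both processes

    a = NonceGenerator(clock=frozen_clock)
    b = NonceGenerator(clock=frozen_clock)
    if extra_entropy:
        b.add_entropy(extra_entropy)  # e.g. request headers in the second process
    key, plaintext = b"k" * 16, b"same plaintext"
    return a.next_nonce(key, plaintext) == b.next_nonce(key, plaintext)


if __name__ == "__main__":
    print("hand-built HMAC matches hmac module:", hmac_matches_stdlib())
    print("collision without extra entropy:", nonce_collision_demo())
    print("collision with request entropy:",
          nonce_collision_demo(b"REMOTE_ADDR=192.0.2.10 REQUEST_ID=constructed-1"))
```

Without add_entropy the two generators are deterministic functions of the same inputs and issue the same nonce; mixing in anything that differs between the two requests breaks the collision, which is exactly what an entropy-input hook in the API would let the CGI author do.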