Python SHA-based encryption function, new version

Paul Rubin phr-n2002a at nightsong.com
Sat May 11 17:04:11 EDT 2002


Richard Parker <richard at electrophobia.com> writes:
> Revision 1.15 appears to have a bug in p2_encrypt - the call to _hmac
> appears to be using the ciphertext as the HMAC key and the authentication
> key as the message.  This can't have been what you intended, right?  As it
> stands it is insecure.

Sigh.  I better check it.  I'd had a separate function computing
the keys and made some mistakes when I inlined it for rev 1.13.
I thought I'd fixed it (that's what 1.15 was supposed to be) but
I may have missed something.  I'll take a look at it later this
weekend.  I can't mess with it right now.

Thanks.



More information about the Python-list mailing list