Python SHA-based encryption function, new version
Paul Rubin
phr-n2002a at nightsong.com
Sat May 11 17:04:11 EDT 2002
Richard Parker <richard at electrophobia.com> writes:
> Revision 1.15 appears to have a bug in p2_encrypt - the call to _hmac
> appears to be using the ciphertext as the HMAC key and the authentication
> key as the message. This can't have been what you intended, right? As it
> stands it is insecure.
Sigh. I better check it. I'd had a separate function computing
the keys and made some mistakes when I inlined it for rev 1.13.
I thought I'd fixed it (that's what 1.15 was supposed to be) but
I may have missed something. I'll take a look at it later this
weekend. I can't mess with it right now.
Thanks.
More information about the Python-list
mailing list