Python SHA-based encryption function, new version
Paul Rubin
phr-n2002a at nightsong.com
Sat May 11 18:10:47 EDT 2002
Richard Parker <richard at electrophobia.com> writes:
> Revision 1.15 appears to have a bug in p2_encrypt - the call to _hmac
> appears to be using the ciphertext as the HMAC key and the authentication
> key as the message. This can't have been what you intended, right? As it
> stands it is insecure.
The args to _hmac were reversed from the args to the encrypt function.
Bah. I put a patch in the web copy and labelled it "revision 1.15a"
but I won't have a chance to update the actual RCS for a while.
Nice catch Richard. Thanks.
More information about the Python-list
mailing list