Authenticated encryption with PyCrypto

M.-A. Lemburg mal at egenix.com
Tue Jan 26 12:37:53 EST 2010 

Daniel wrote:
> Just got done reading this thread:
> 
> http://groups.google.com/group/comp.lang.python/browse_thread/thread/b31a5b5f58084f12/0e09f5f5542812c3
> 
> and I'd appreciate feedback on this recipe:
> 
> http://code.activestate.com/recipes/576980/
> 
> Of course, it does not meet all of the requirements set forth by the
> OP in the referenced thread (the pycrypto dependency is a problem),
> but it is an attempt to provide a simple interface for performing
> strong, password-based encryption. Are there already modules out there
> that provide such a simple interface? If there are, they seem to be
> hiding somewhere out of Google's view.
> 
> I looked at ezPyCrypto, but it seemed to require public and private
> keys, which was not convenient in my situation... maybe password-based
> encryption is trivial to do with ezPyCrypto as well? In addition to
> ezPyCrypto, I looked at Google's keyczar, but despite the claims of
> the documentation, the API seemed overly complicated. Is it possible
> to have a simple API for an industry-strength encryption module? If
> not, is it possible to document that complicated API such that a non-
> cryptographer could use it and feel confident that he hadn't made a
> critical mistake?

Yes, it is possible, but whatever you come up with will usually
be bound to just one (or a few) different use cases, e.g. just
look at the different cipher modes there are, the different key
sizes, block sizes (for block ciphers), IV strings, padding, etc.
etc.

Note that your code has a padding bug: the decoder doesn't
undo the padding. You're lucky though, since pickle will only
read as much data as it needs and not complain about the extra
data it finds.

You are also using CBC mode, even though you are really after
ECB mode (your code doesn't use chaining). With ECB mode, you
don't need the IV string.

> Also, slightly related, is there an easy way to get the sha/md5
> deprecation warnings emitted by PyCrypto in Python 2.6 to go away?

Yes: you silence them via the warnings module. I suppose that the
latest version of PyCrypto fixes these warnings.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jan 26 2010)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the Python-list mailing list