Authenticated encryption with PyCrypto

Daniel millerdev at gmail.com
Tue Jan 26 19:23:02 EST 2010 

M.-A. Lemburg wrote:
> Daniel wrote:
> > On Jan 26, 12:37 pm, "M.-A. Lemburg" <m... at egenix.com> wrote:
> >> Note that your code has a padding bug: the decoder doesn't
> >> undo the padding. You're lucky though, since pickle will only
> >> read as much data as it needs and not complain about the extra
> >> data it finds.
>
> > Doesn't the last line in decrypt() do it?
>
> >     return data[:-ord(data[-1])]
>
> > Given, it's a bit cryptic... no pun intended :)
>
> That's cryptic indeed... I just found that you're not padding
> with zero bytes, but instead with char(pad) where pad is the
> number of bytes you add:
>
>         pad = AES_BLOCK_SIZE - len(data) % AES_BLOCK_SIZE
>         data = data + pad * chr(pad)
>
> This code will pad with 16 bytes of chr(16) in case len(data)
> is in fact on a block size boundary.
>
> When using pickle, you don't need this, since pickle includes
> all necessary length information in the serialized data stream.
>
> I'd just pad with \0 and not worry about the extra bytes
> at the end when using pickle to serialize the objects.

I think I'll leave the padding in there since it keeps the encrypt/
decrypt methods usable for non-pickle data.


> It's more important to worry about whether you really
> want to unpickle the data or not, since pickle opens
> up lots of possibilities of executing code on the decoding
> side of the communication channel.

I understand the risks of unpickle. With strong, authenticated
encryption I think it is reasonably safe to send an encrypted pickle
through an untrusted medium (the Internet) and know that it has not
been modified enroute. That is, unless someone has obtained the key,
in which case I have a bigger problem to worry about.

> >>> Also, slightly related, is there an easy way to get the sha/md5
> >>> deprecation warnings emitted by PyCrypto in Python 2.6 to go away?
>
> >> Yes: you silence them via the warnings module. I suppose that the
> >> latest version of PyCrypto fixes these warnings.
>
> > The version that gets installed by easy_install or pip (2.0.1) emits
> > those warnings. Is there a more recent version?
>
> This is the most recent version:
>
>        http://www.dlitz.net/software/pycrypto/

Thanks.

Daniel

More information about the Python-list mailing list