Are there advantages to using Pycrypto's Randpool over Random.SystemRandom()?<div><br></div><div>In another Keyczar thread, someone reported that Randpool was a performance bottleneck and got a big improvement by switching to SystemRandom.</div>
<div><br></div><div>I don't know enough about the underlying implementations to make any security judgement. If anyone can comment authoritatively, please do.<br><br><div class="gmail_quote">On Thu, Aug 20, 2009 at 2:11 AM, Hans-Peter Jansen <span dir="ltr"><<a href="mailto:hpj@urpla.net">hpj@urpla.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
Hi Sébastien, hi Steve,<br>
<br>
first of all, thanks for the instant feedback.<br>
<br>
Am Donnerstag, 20. August 2009 schrieb Sébastien Martini:<br>
<div class="im">> Hi Hans-Peter,<br>
><br>
> > /usr/lib/python2.6/site-packages/Crypto/Hash/SHA.py:6:<br>
> > DeprecationWarning: the sha module is deprecated; use the hashlib<br>
> > module instead<br>
> > from sha import *<br>
><br>
> Strange, with pycrypto 2.0.1 on Ubuntu 9.04 (and with Python 2.6.1) I<br>
> do not have this warning. Are you sure your system use pycrypto<br>
> 2.0.1 ?<br>
<br>
</div>Yes, I am:<br>
$ rpm -qf /usr/lib/python2.6/site-packages/Crypto/PublicKey/RSA.py<br>
python-crypto-2.0.1-28.115.1<br>
<br>
Let me note, that I always generate rpm packages (at least with "python<br>
setup.py bdist_rpm"), rather then installing from source directly.<br>
<br>
Probably, Ubuntu incorporates some patches from Dwaynes trunk, does it?<br>
I got rid of the Deprecation warning with updating to Dwaynes version, by<br>
the price of a new one. See below.<br>
<br>
Please let me turn around the question: are you sure, that Ubuntus version<br>
isn't a hybrid of Andrews and Dwaynes at least? May I ask you to show me<br>
your patches? I show you mine ;-)<br>
<br>
openSUSE incorporated two patches to 2.0.1:<br>
<br>
This one, I ported to trunk:<br>
--- src/hash_template.c~ 2009-08-16 23:39:34.053841534 +0200<br>
+++ src/hash_template.c 2009-08-20 10:16:05.877840748 +0200<br>
@@ -111,13 +111,15 @@ ALG_hexdigest(ALGobject *self, PyObject<br>
PyObject *value, *retval;<br>
unsigned char *raw_digest, *hex_digest;<br>
int i, j, size;<br>
+ Py_ssize_t ssize;<br>
<br>
if (!PyArg_ParseTuple(args, ""))<br>
return NULL;<br>
<br>
/* Get the raw (binary) digest value */<br>
value = (PyObject *)hash_digest(&(self->st));<br>
- size = PyString_Size(value);<br>
+ ssize = PyString_Size(value);<br>
+ size = (ssize > INT_MAX) ? INT_MAX : ssize;<br>
raw_digest = (unsigned char *) PyString_AsString(value);<br>
<br>
/* Create a new string */<br>
<br>
Dwayne, is this in order or just plain silly?<br>
<br>
The other is the already applied ARC2 fix to check of oversized keys.<br>
<div><div></div><div class="h5"><br>
> > ............................E.<br>
> > ======================================================================<br>
> > ERROR: testRsaUnversionedSignAndVerify (signer_test.SignerTest)<br>
> > ----------------------------------------------------------------------<br>
> > Traceback (most recent call last):<br>
> > File ".../keyczar/tests/keyczar/signer_test.py", line 125, in<br>
> > testRsaUnversionedSignAndVerify<br>
> > self.__testUnversionedSignAndVerify("rsa-sign")<br>
> > File ".../keyczar/tests/keyczar/signer_test.py", line 67, in<br>
> > __testUnversionedSignAndVerify<br>
> > self.assertFalse(unversioned_signer.Verify("Wrong string", sig)) File<br>
> > "/usr/local/lib/python2.6/site-packages/keyczar/keyczar.py", line 404,<br>
> > in Verify result = key.Verify(data, sig_bytes)<br>
> > File "/usr/local/lib/python2.6/site-packages/keyczar/keys.py", line<br>
> > 622, in Verify return self.public_key.Verify(msg, sig)<br>
> > File "/usr/local/lib/python2.6/site-packages/keyczar/keys.py", line<br>
> > 787, in Verify (util.BytesToLong(sig),))<br>
> > File "/usr/lib/python2.6/site-packages/Crypto/PublicKey/pubkey.py",<br>
> > line 84, in verify return self._verify(M, signature)<br>
> > File "/usr/lib/python2.6/site-packages/Crypto/PublicKey/RSA.py", line<br>
> > 103, in _verify m2=self._encrypt(sig[0])<br>
> > File "/usr/lib/python2.6/site-packages/Crypto/PublicKey/RSA.py", line<br>
> > 89, in _encrypt raise error, 'Plaintext too large'<br>
> > error: Plaintext too large<br>
><br>
> I think this error is related somehow to the hash computation (which<br>
> also could be related to the deprecation warning) because this is the<br>
> hash value which is signed with a private_encrypt() RSA method. I<br>
> might be wrong but I really think this is not currently pycrypto 2.0.1<br>
> that your keyczar install calls.<br>
<br>
</div></div>No, it _wasn't_ related to SHA.py, since in a first test, I just updated to<br>
Dwaynes current SHA.py, which tries to import hashlib.SHA first and got rid<br>
of the deprecation, but this error persisted.<br>
<br>
After updating my python-crypto package to Dwaynes trunk, the tests<br>
succeeded:<br>
<br>
$ python alltests.py<br>
./usr/lib/python2.6/site-packages/Crypto/Util/randpool.py:72:<br>
RandomPool_DeprecationWarning: RandomPool is deprecated. Use Random.new()<br>
or Random.RandomPoolCompat instead.<br>
warnings.warn("RandomPool is deprecated. Use Random.new() or<br>
Random.RandomPoolCompat instead.", RandomPool_DeprecationWarning)<br>
.............................<br>
----------------------------------------------------------------------<br>
Ran 30 tests in 1.010s<br>
<br>
OK<br>
<br>
I fixed it with this patch:<br>
<br>
--- util.py.orig 2009-08-20 10:40:19.248702303 +0200<br>
+++ util.py 2009-08-20 10:57:27.765198430 +0200<br>
@@ -30,7 +30,12 @@ except ImportError:<br>
from sha import sha as sha1<br>
from Crypto.Hash.SHA256 import new as sha256<br>
<br>
-from Crypto.Util import randpool<br>
+try:<br>
+ # Import RandomPoolCompat, if available<br>
+ from Crypto.Random import RandomPoolCompat as RandomPool<br>
+except ImportError:<br>
+ from Crypto.Util.randpool import RandomPool<br>
+<br>
from pyasn1.codec.der import decoder<br>
from pyasn1.codec.der import encoder<br>
from pyasn1.type import univ<br>
@@ -291,7 +296,7 @@ def TrimBytes(bytes):<br>
<br>
def RandBytes(n):<br>
"""Return n random bytes."""<br>
- return randpool.RandomPool(512).get_bytes(n)<br>
+ return RandomPool(512).get_bytes(n)<br>
<br>
def Hash(digest, *inputs):<br>
"""Return a SHA-1 hash over a variable number of inputs."""<br>
<br>
BTW, is there any reason to fetch 512 bytes always, and use a subset only<br>
(if I read the code correctly)? What happens, if n is > 512?<br>
<div class="im"><br>
> > ----------------------------------------------------------------------<br>
> > Ran 30 tests in 3.179s<br>
> ><br>
> > FAILED (errors=1)<br>
> ><br>
> > Since I wanted to use RSA signing and encryption, I'm concerned about<br>
> > it.<br>
> ><br>
> > System:<br>
> > openSUSE 11.1, python 2.6.0, python-crypto-2.0.1, pyasn1-0.0.8a<br>
><br>
> Cordially,<br>
><br>
> Sébastien<br>
<br>
</div>Thanks,<br>
Pete<br>
<div><div></div><div class="h5"><br>
<br>
--~--~---------~--~----~------------~-------~--~----~<br>
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.<br>
To post to this group, send email to <a href="mailto:keyczar-discuss@googlegroups.com">keyczar-discuss@googlegroups.com</a><br>
To unsubscribe from this group, send email to <a href="mailto:keyczar-discuss%2Bunsubscribe@googlegroups.com">keyczar-discuss+unsubscribe@googlegroups.com</a><br>
For more options, visit this group at <a href="http://groups.google.com/group/keyczar-discuss?hl=en" target="_blank">http://groups.google.com/group/keyczar-discuss?hl=en</a><br>
-~----------~----~----~----~------~----~------~--~---<br>
<br>
</div></div></blockquote></div><br></div>