[pycrypto] Bug in Crypto.PublicKey.RSA?
Dwayne C. Litzenberger
dlitz at dlitz.net
Wed Sep 10 09:06:46 CST 2008
On Tue, Sep 09, 2008 at 08:03:32PM -0700, Bill Broadley wrote:
>>> >>> privkeyA = RSA.generate(keysize, rpool.get_bytes)
>>> Hangs forever.... well at least 10's of minutes.
>> I filed a bug report:
>Ah, do you think that is an ubuntu bug? Or a pycrypto? I.e. can I fix it by
>installing pycrypto myself. I had thought I had just misunderstood.
It's a PyCrypto bug. As far as I know, Ubuntu hasn't made many
modifications to PyCrypto.
>> If "only the one encrypting should ever be able to decrypt the files",
>> then why not use symmetric encryption? It's much faster, and probably
>> stronger in the long run (since most people don't use 8192-bit RSA
>Mostly for the added protection of not having your private key on the system.
>I might even backup systems that aren't even under my control. Scenarios like
>"Hey, user departmental user X, to back up your machine install this program,
>and use this public key."
Ah, that makes sense.
>Oh, as to performance my symmetric vs public key encryption tests didn't
>find much difference:
>So I'm not too concerned about 8.5 seconds 11.5MB/sec vs 10.5MB/sec.
>Am I missing something?
I was referring to is that if you don't get some benefit from public-key
crypto, then you're better off not using it, since, according to NIST, you
need a 15360-bit RSA key (!) to get comparable security to AES-256:
(Table 2 on Page 63)
(Curiously, that table lists AES-256 as having 256 "bits of security",
which doesn't sound right to me, but even if you want 128-bit security,
it's claimed that you need at least 3072-bit RSA keys. The number I've
heard elsewhere was about 6100 bits, and I've seen others recommend at
least 8192-bit RSA keys.)
Dwayne C. Litzenberger <dlitz at dlitz.net>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 179F 1C11 B877 E780 4B45
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: Digital signature
Url : http://lists.dlitz.net/pipermail/pycrypto/attachments/20080910/06f1ce1e/attachment.pgp
More information about the pycrypto