[pycrypto] PyCrypto Blowfish CFB limitation

Paul_Koning at Dell.com Paul_Koning at Dell.com
Wed Jun 6 13:23:51 EDT 2012


On Jun 6, 2012, at 1:11 PM, Legrandin wrote:

> 
> I am getting "ValueError: Input strings must be a multiple of the
> segment size 8 in length" when trying to decrypt a file by using
> Blowfish in CFB mode. The file length is not a multiple of 8. However,
> OpenSSL doesn't require file length to be multiple of 8 and it
> successfully decrypts the file.
> 
> 1. Is this a limitation imposed by PyCrypto?
> 
> 
> Yes. I actually opened a bug about this, but in the meanwhile I have read in Section 5.2 of NIST 800 38A (the only standard I am aware of that describes CFB) that the input must be a multiple of the segment size.
> 
> That means that strictly speaking OpenSSL is not standard compliant, unless other standards saying that the last block can be shorter exists.

That certainly is the case.  The original (or at least earlier) definition of CFB is in FIPS 1026 (May 16, 1980).  It defines CFB and OFB for data units of size 1..64 (where 64 is the DES blocksize, so to generalize it for k-bit block ciphers the data unit size would be 1..k.

	paul




More information about the pycrypto mailing list