[pycrypto] Pickling AES cipher objects - any reasons not to support this?

Legrandin helderijs at gmail.com
Mon Jan 14 10:14:19 PST 2013

Hi Pearu,

> >>> import pickle
> >>> from Crypto.Cipher import AES
> >>> cipher = AES.new('mysecret'*2)
> >>> dump=pickle.dumps(cipher)
> PicklingError: Can't pickle '_AES' object: <_AES object at 0x1fe0bd0>
> I wonder if there are any fundamental reasons why pickling cipher objects
> cannot
> be pickled? Otherwise I would look into implementing pickling support for
> cipher objects.
> I would presume that storing cipher object is safer (would it be?)
> than storing an encryption key used to create the cipher object.

Pickling a cipher object is actually less secure.

First, it cannot be more secure because anybody can easily find back the
key from the pickled blob.

Second - and with the only exception of ECB mode - a cipher object is
always stateful: it depends on the key, but also on the IV/nonce, and on
the data you have processed so far. Pickling will make only sense if the
encryption process has to be paused half-way so tat it can be resumed at a
later moment. Not really a common use case.

Pickling a cipher and reusing later for a totally different encryption will
lead to IV/nonce reuse, which is definitely bad, especially for stream
cipher-like modes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dlitz.net/pipermail/pycrypto/attachments/20130114/70344e4b/attachment.html>

More information about the pycrypto mailing list