[pycrypto] RSA exportKey question
helderijs at gmail.com
Wed Jul 3 14:26:05 PDT 2013
I find 3DES is as good as AES for most practical purposes.
The main limitation I see is that the current RSA.exportKey() uses
PEM-level encryption and the MD5-based EVP_BytesToKey function for key
derivation. Nowadays that is *really* weak.
I opened a pull request  with a proposal for adding PKCS#8, since
it is widely used and it makes it easier to have pluggable algorithms
(the default combination being PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC but
PBKDF2WithHMAC-SHA1AndAES128-CBC is available too). It took a few
iterations, but I am pretty happy with it.
On top of that I have also just added exportKey/importKey to DSA .
Feedback is welcome.
2013/6/28 Kurt Vogel <kvogel at mdcom.com>:
> Wondering if it would be worthwhile to add more encryption options to rsa
> exportKey() function rather than just DES3? As the default for ssh-keygen
> -t rsa export is 128-bit AES. And maybe allow plug-able hash algorithms
> such as PBKDF2, Bcrypt, etc.?
> pycrypto mailing list
> pycrypto at lists.dlitz.net
More information about the pycrypto