[pycrypto] RSA exportKey question
Legrandin
helderijs at gmail.com
Wed Jul 3 14:26:05 PDT 2013
I find 3DES is as good as AES for most practical purposes.
The main limitation I see is that the current RSA.exportKey() uses
PEM-level encryption and the MD5-based EVP_BytesToKey function for key
derivation. Nowadays that is *really* weak.
I opened a pull request [1] with a proposal for adding PKCS#8, since
it is widely used and it makes it easier to have pluggable algorithms
(the default combination being PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC but
PBKDF2WithHMAC-SHA1AndAES128-CBC is available too). It took a few
iterations, but I am pretty happy with it.
On top of that I have also just added exportKey/importKey to DSA [2].
Feedback is welcome.
[1] https://github.com/dlitz/pycrypto/pull/32
[2] https://github.com/dlitz/pycrypto/pull/51
2013/6/28 Kurt Vogel <kvogel at mdcom.com>:
> Hello,
>
> Wondering if it would be worthwhile to add more encryption options to rsa
> exportKey() function rather than just DES3? As the default for ssh-keygen
> -t rsa export is 128-bit AES. And maybe allow plug-able hash algorithms
> such as PBKDF2, Bcrypt, etc.?
>
> Thanks,
> Kurt
>
>
>
>
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>
More information about the pycrypto
mailing list