[pycrypto] ARC4 problems?

Dave Pawson dave.pawson at gmail.com
Sat Nov 23 01:54:36 PST 2013

On 23 November 2013 02:01, Parke <parke.nexus at gmail.com> wrote:
> On Thu, Nov 21, 2013 at 1:58 AM, Dave Pawson <dave.pawson at gmail.com> wrote:
>> Using Python 3
>>     def test_ARC4_2(self):
>>         key = b'A long and confidential key'
>>         msg =b'My secret message'
>>         nonce = b'Another secret'#Crypto.Random.new().read(16)
>>         tempkey=SHA.new(key + nonce).digest()
>>         cipher = ARC4.new(tempkey)
>>         ciphertext = cipher.encrypt(msg)
>>         plain      = cipher.decrypt(ciphertext)
>>         print(plain)
>> The print is showing
>> b'\x06\xd6\x96\xe7BEF\xe2\x11\xae\xff\xa5"3nJ1'
>> which str() won't convert to a string?
>>   An encryption problem or encoding?
>> Am I doing something wrong please?
>> (just trying to get my head round each of the classes)
> In Python 3, strings are Unicode, so str() probably needs to know
> which encoding to use.  Your plaintext msg is bytes (not str).  Why do
> you (think you) want/need str?

<grin/> To provide a readable output....
   You imply I can use a byte array as easily as a string.....
   With input and output as bytes I'm seeing

RTFM? OK, https://www.dlitz.net/software/pycrypto/api/current/
the input message, key etc are byte strings. My bad.
(Other block messages work fine with strings/u'string' .... )

 self.assertEqual(msg,plaintext,'arc4,2 failed')
AssertionError: b'My secret message' !=
b'd\xd7\xd2\ty\xfc\xc0v\xa2\xc3\xc5\xcd\x12\xf0\xf7\xea' : arc4,2

So something is wrong?

> Also, nonces do not need to be secret, just unique (per key).
> You may need to create a new/fresh ARC4 instance for the decryption.

Sorry I don't understand that? May, or must? Or when must I?
Why please?

> ARC4 is a stream cipher, and you reset it by installing the key+nonce.
Defined by the 'block_size=1' in docs?

> Block ciphers in ECB and CTR mode do not need to be reset between
> encryption and decryption.  But most other ciphers/modes do.

Is this documented anywhere please?
Which do / which don't?

Dave Pawson
Docbook FAQ.
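
Added example (not part of the original message and not PyCrypto's own code): a pure-Python RC4 showing why the reply suggests a fresh cipher instance for decryption. The class RC4Stream and the function demo() are hypothetical names standing in for ARC4.new(); the key, nonce and message are the ones from the post.

```python
import hashlib


class RC4Stream:
    """Minimal RC4 for illustration (hypothetical stand-in for ARC4.new)."""

    def __init__(self, key: bytes):
        # Key scheduling: installing the key (re)initialises the state.
        self.S = list(range(256))
        j = 0
        for i in range(256):
            j = (j + self.S[i] + key[i % len(key)]) % 256
            self.S[i], self.S[j] = self.S[j], self.S[i]
        self.i = self.j = 0

    def crypt(self, data: bytes) -> bytes:
        # XOR data with the NEXT len(data) keystream bytes. The state
        # advances on every call, and encrypt == decrypt for a stream cipher.
        out = bytearray()
        for byte in data:
            self.i = (self.i + 1) % 256
            self.j = (self.j + self.S[self.i]) % 256
            self.S[self.i], self.S[self.j] = self.S[self.j], self.S[self.i]
            out.append(byte ^ self.S[(self.S[self.i] + self.S[self.j]) % 256])
        return bytes(out)


def demo():
    key = b'A long and confidential key'
    nonce = b'Another secret'   # value from the post; only needs to be unique per key
    msg = b'My secret message'
    tempkey = hashlib.sha1(key + nonce).digest()

    enc = RC4Stream(tempkey)
    ciphertext = enc.crypt(msg)

    # Same object again: the keystream is already 17 bytes further along,
    # so the ciphertext is XORed with the wrong bytes and comes out as garbage.
    reused = enc.crypt(ciphertext)

    # Fresh object, same key+nonce: keystream restarts at byte 0.
    fresh = RC4Stream(tempkey).crypt(ciphertext)
    return msg, ciphertext, reused, fresh


if __name__ == '__main__':
    msg, ciphertext, reused, fresh = demo()
    print('reused instance:', reused)
    print('fresh instance: ', fresh)
```

The receiver needs the same nonce to rebuild tempkey, which is why it is sent in the clear alongside the ciphertext rather than kept secret.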
