[pycrypto] Bug in PyCrypto 2.6.1

Lorenz Quack don at amberfisharts.com
Mon Dec 1 09:48:26 PST 2014


On 01/12/14 17:23, Mirko Dziadzka wrote:
> Oh, I totally agree. Either the name or the implementation has a problem.

+1

>
> I was just pointing out that the behavior is consistent with the documentation in https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#size

I disagree. As I showed in the code example and you pointed out in your previous post there are *some* values that the 
key can handle with more bits than reported by size().
So, size() is *not* the "maximum number of bits that can be handled by this key".
It is the maximum number of bits that is guaranteed to work for all values.

Lorenz

>
>      Mirko
>
>
> On 01.12.2014, at 17:31, Paul Koning <paul_koning at dell.com> wrote:
>
>> To me, key_size means the size of the key.  It doesn’t mean the largest value you can encrypt.  If that is what is intended, or if it has to stay that way for historical reasons, fine, but it needs to be very clearly pointed out in the documentation because it is unexpected and counterintuitive.
>>
>> 	paul
>>
>>> On Dec 1, 2014, at 11:13 AM, Mirko Dziadzka <mirko.dziadzka at gmail.com> wrote:
>>>
>>> HI
>>>
>>> Some thoughts about this …
>>>
>>>> _RSA.RSAobj.size.__doc__ says: Return the maximum number of bits that can be handled by this key
>>>
>>> An RSA key can only encrypt data smaller than this key. So if we have an 2048 bit RSA key, it can encrypt some 2048 bit values, but not all. So 2047 should be the safe value here.
>>>
>>> IMHO this -1 is correct here.
>>>
>>> Mirko
>>
>> _______________________________________________
>> pycrypto mailing list
>> pycrypto at lists.dlitz.net
>> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>



More information about the pycrypto mailing list