[pycrypto] Bug in PyCrypto 2.6.1
Luis González Fernández
luisgf at luisgf.es
Fri Dec 12 04:58:27 PST 2014
Hi All:
Any news about this?
On 01/12/14 18:48, Lorenz Quack wrote:
> On 01/12/14 17:23, Mirko Dziadzka wrote:
>> Oh, I totally agree. Either the name or the implementation has a
>> problem.
>
> +1
>
>>
>> I was just pointing out that the behavior is consistent with the
>> documentation in
>> https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#size
>
> I disagree. As I showed in the code example and you pointed out in
> your previous post there are *some* values that the key can handle
> with more bits than reported by size().
> So, size() is *not* the "maximum number of bits that can be handled by
> this key".
> It is the maximum number of bits that is guaranteed to work for all
> values.
>
> Lorenz
>
>>
>> Mirko
>>
>>
>> On 01.12.2014, at 17:31, Paul Koning <paul_koning at dell.com> wrote:
>>
>>> To me, key_size means the size of the key. It doesn’t mean the
>>> largest value you can encrypt. If that is what is intended, or if
>>> it has to stay that way for historical reasons, fine, but it needs
>>> to be very clearly pointed out in the documentation because it is
>>> unexpected and counterintuitive.
>>>
>>> paul
>>>
>>>> On Dec 1, 2014, at 11:13 AM, Mirko Dziadzka
>>>> <mirko.dziadzka at gmail.com> wrote:
>>>>
>>>> HI
>>>>
>>>> Some thoughts about this …
>>>>
>>>>> _RSA.RSAobj.size.__doc__ says: Return the maximum number of bits
>>>>> that can be handled by this key
>>>>
>>>> An RSA key can only encrypt data smaller than this key. So if we
>>>> have an 2048 bit RSA key, it can encrypt some 2048 bit values, but
>>>> not all. So 2047 should be the safe value here.
>>>>
>>>> IMHO this -1 is correct here.
>>>>
>>>> Mirko
>>>
>>> _______________________________________________
>>> pycrypto mailing list
>>> pycrypto at lists.dlitz.net
>>> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>>
>> _______________________________________________
>> pycrypto mailing list
>> pycrypto at lists.dlitz.net
>> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>>
>
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
--
--
Luis González Fernández
https://www.luisgf.es
PGP ID: C918B80F (DD6F BFC1 FC14 4C81 34F8 EA1E 6BCB C27F C918 B80F)
Twitter: @luisgf_2001 / Jabber: luisgf at mijabber.es
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.dlitz.net/pipermail/pycrypto/attachments/20141212/f18743c3/attachment.sig>
More information about the pycrypto
mailing list