[pycrypto] Bug in PyCrypto 2.6.1

Dwayne Litzenberger dlitz at dlitz.net
Mon Dec 22 14:28:14 PST 2014


On Fri, Dec 12, 2014 at 01:58:27PM +0100, Luis González Fernández wrote:
>Any news about this?

    >>> from Crypto import __version__
    >>> print(__version__)
    2.0.1
    >>> from Crypto.PublicKey import RSA
    >>> import os
    >>> RSA.generate(2048, os.urandom).size()
    2047

Ugh.  Yeah, this is yet another flaw in the design of 
Crypto.PublicKey.pubkey.  Unfortunately, this behavior has existed since 
at least PyCrypto 2.0.1, so I don't think we should silently change it 
at this point.  The whole thing should probably be deprecated and 
replaced, but at this point it might be better for new code to just use 
pyca's RSA primitive:

    >>> from cryptography.hazmat.backends import default_backend
    >>> from cryptography.hazmat.primitives.asymmetric import rsa
    >>> k = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())
    >>> k.key_size
    2048
    >>> # See docs: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/

I think it would be worth putting a warning and an example in the 
docs/docstring about this.

Cheers,
- Dwayne

On Fri, Dec 12, 2014 at 01:58:27PM +0100, Luis González Fernández wrote:
>Hi All:
>
>Any news about this?
>
>
>On 01/12/14 18:48, Lorenz Quack wrote:
>> On 01/12/14 17:23, Mirko Dziadzka wrote:
>>> Oh, I totally agree. Either the name or the implementation has a
>>> problem.
>>
>> +1
>>
>>>
>>> I was just pointing out that the behavior is consistent with the
>>> documentation in
>>> https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#size
>>
>> I disagree. As I showed in the code example and you pointed out in
>> your previous post there are *some* values that the key can handle
>> with more bits than reported by size().
>> So, size() is *not* the "maximum number of bits that can be handled by
>> this key".
>> It is the maximum number of bits that is guaranteed to work for all
>> values.
>>
>> Lorenz
>>
>>>
>>>      Mirko
>>>
>>>
>>> On 01.12.2014, at 17:31, Paul Koning <paul_koning at dell.com> wrote:
>>>
>>>> To me, key_size means the size of the key.  It doesn’t mean the
>>>> largest value you can encrypt.  If that is what is intended, or if
>>>> it has to stay that way for historical reasons, fine, but it needs
>>>> to be very clearly pointed out in the documentation because it is
>>>> unexpected and counterintuitive.
>>>>
>>>>     paul
>>>>
>>>>> On Dec 1, 2014, at 11:13 AM, Mirko Dziadzka
>>>>> <mirko.dziadzka at gmail.com> wrote:
>>>>>
>>>>> HI
>>>>>
>>>>> Some thoughts about this …
>>>>>
>>>>>> _RSA.RSAobj.size.__doc__ says: Return the maximum number of bits
>>>>>> that can be handled by this key
>>>>>
>>>>> An RSA key can only encrypt data smaller than this key. So if we
>>>>> have an 2048 bit RSA key, it can encrypt some 2048 bit values, but
>>>>> not all. So 2047 should be the safe value here.
>>>>>
>>>>> IMHO this -1 is correct here.
>>>>>
>>>>> Mirko
>>>>
>>>> _______________________________________________
>>>> pycrypto mailing list
>>>> pycrypto at lists.dlitz.net
>>>> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>>>
>
>-- 
>
>--
>Luis González Fernández
>https://www.luisgf.es
>PGP ID: C918B80F (DD6F BFC1 FC14 4C81 34F8 EA1E 6BCB C27F C918 B80F)
>Twitter: @luisgf_2001 / Jabber: luisgf at mijabber.es
>
>


-- 
Dwayne C. Litzenberger <dlitz at dlitz.net>
 OpenPGP: 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7
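The point argued in the thread above (that PyCrypto's `size()` reports one bit fewer than the modulus width, and why that is the "safe" number rather than the key size) can be shown without either library. The block below is an added example, not code from the thread or from PyCrypto: it uses a constructed textbook RSA key (p=61, q=53, e=17, d=2753, so n=3233 is 12 bits wide) and pure-Python modular arithmetic. `size_pycrypto_style`, `key_size_pyca_style`, `raw_rsa_roundtrip` and `count_roundtrips` are names chosen here, not library APIs; the former two mirror the behaviour the thread shows (a 2048-bit key reporting `size() == 2047` in PyCrypto and `key_size == 2048` in pyca/cryptography).

```python
# Added example (not from the pycrypto list or either library): why a
# 12-bit RSA modulus "handles" all 11-bit values but only some 12-bit ones.

# Constructed toy key: p = 61, q = 53 -> n = 3233 (bit_length 12),
# phi = 60 * 52 = 3120, e = 17, d = 2753 (17 * 2753 = 46801 = 15 * 3120 + 1).
P, Q = 61, 53
N = P * Q            # 3233
E = 17
D = 2753


def size_pycrypto_style(n):
    """Largest b such that *every* b-bit integer m satisfies m < n.

    This is what PyCrypto's RSA .size() reports (n.bit_length() - 1):
    the width that is guaranteed to work for all plaintext values."""
    return n.bit_length() - 1


def key_size_pyca_style(n):
    """Bit length of the modulus, as pyca/cryptography's key_size reports."""
    return n.bit_length()


def raw_rsa_roundtrip(m, n, e, d):
    """Textbook RSA (no padding) encrypt-then-decrypt of integer m.

    Only 0 <= m < n is a valid RSA plaintext; anything else is rejected,
    because m mod n would silently alias a different value."""
    if not 0 <= m < n:
        return None
    c = pow(m, e, n)
    return pow(c, d, n)


def count_roundtrips(n, e, d, bits):
    """Return (ok, total) for all integers whose bit length is exactly `bits`.

    Exhaustive, so only meant for toy moduli; it makes the thread's claim
    concrete: some values of width bit_length(n) work, but not all of them."""
    lo, hi = 1 << (bits - 1), 1 << bits
    ok = 0
    for m in range(lo, hi):
        if raw_rsa_roundtrip(m, n, e, d) == m:
            ok += 1
    return ok, hi - lo


if __name__ == "__main__":
    print("modulus bits (pyca key_size):", key_size_pyca_style(N))      # 12
    print("PyCrypto-style size():       ", size_pycrypto_style(N))      # 11
    full = size_pycrypto_style(N)
    print("%d-bit values handled: %d of %d" % ((full,) + count_roundtrips(N, E, D, full)))
    print("%d-bit values handled: %d of %d" % ((full + 1,) + count_roundtrips(N, E, D, full + 1)))
```

The exhaustive count is the whole argument in one line of output: every 11-bit value round-trips, while of the 2048 twelve-bit values only those below n (3233 - 2048 = 1185 of them) do. That is exactly Lorenz's reading of the docstring: `size()` is the maximum width guaranteed to work for all values, not the maximum width the key can ever handle. For real keys the same arithmetic applies with `n.bit_length()` in the thousands, which is why `RSA.generate(2048).size()` returns 2047; in practice you never encrypt a raw integer of that width anyway, because padding (OAEP or PKCS#1 v1.5) consumes the top bytes, so `key_size` is the number to reason about for key strength and `size()` only for the raw-primitive bound.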
