| Started by | Paul Pittlerson <menkomigen6@gmail.com> |
|---|---|
| First post | 2013-10-23 22:22 -0700 |
| Last post | 2013-10-24 09:35 +0200 |
| Articles | 6 — 3 participants |
pycrypto: what am I doing wrong? Paul Pittlerson <menkomigen6@gmail.com> - 2013-10-23 22:22 -0700
Re: pycrypto: what am I doing wrong? Chris Angelico <rosuav@gmail.com> - 2013-10-24 18:07 +1100
Re: pycrypto: what am I doing wrong? Johannes Bauer <dfnsonfsduifb@gmx.de> - 2013-10-24 09:30 +0200
Re: pycrypto: what am I doing wrong? Chris Angelico <rosuav@gmail.com> - 2013-10-24 18:43 +1100
Re: pycrypto: what am I doing wrong? Johannes Bauer <dfnsonfsduifb@gmx.de> - 2013-10-24 09:33 +0200
Re: pycrypto: what am I doing wrong? Johannes Bauer <dfnsonfsduifb@gmx.de> - 2013-10-24 09:35 +0200
| From | Paul Pittlerson <menkomigen6@gmail.com> |
|---|---|
| Date | 2013-10-23 22:22 -0700 |
| Subject | pycrypto: what am I doing wrong? |
| Message-ID | <97dbe3cc-b739-4876-9221-1143dc1b8c73@googlegroups.com> |
I seem to have misunderstood something about the way Crypto.Cipher is supposed to work, because I'm getting unexpected results. Here is my code:
import hashlib
from Crypto.Cipher import AES
from Crypto import Random
h = hashlib.new('sha256')
h.update('my key')
key = h.digest()
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
txt = 'hello world'
# This is the part where I'm confused, because it seems like encrypt will output a different result every time, so how can I decrypt it?
msg = cipher.encrypt(txt)
>>> '|s\x08\xf2\x12\xde\x8cD\xe7u*'
msg = cipher.encrypt(txt)
>>> '\xa1\xed7\xb8h<l\x7f\xd7\xba\xed'
# etc
# it works like I would expect the first time when decrypting, if I follow the example from pycrypto docs:
msg = iv + cipher.encrypt(txt)
cipher.decrypt(iv + msg)
>>> '\x0b\xd9\x9f0\xd1\xb9E\x81;\x8a\xd4\xff\xdb\xd4\x83\x84\xbd$=\xf3\xaf@a8t\xd8Bz<\xce\xe26hello world'
# But it does not work subsequently:
msg = iv + cipher.encrypt(txt)
cipher.decrypt(iv+msg)
>>> '\xfb\xa1\xa8\x9e"L<\x10Rg\xb5f^\x8a\x17\xfd\xbd$=\xf3\xaf@a8t\xd8Bz<\xce\xe26\xde\xc6cD\xdal\'\xf3@(\xa6'
What am I doing wrong?
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2013-10-24 18:07 +1100 |
| Message-ID | <mailman.1447.1382598445.18130.python-list@python.org> |
| In reply to | #57412 |
On Thu, Oct 24, 2013 at 4:22 PM, Paul Pittlerson <menkomigen6@gmail.com> wrote:
> msg = cipher.encrypt(txt)
>
>>>> '|s\x08\xf2\x12\xde\x8cD\xe7u*'
>
> msg = cipher.encrypt(txt)
>
>>>> '\xa1\xed7\xb8h<l\x7f\xd7\xba\xed'
>
> # etc
Is this strictly the code you're using? AES is a stream cipher; what
you've effectively done is encrypt the text twice, once as a follow-on
message from the other. To decrypt the second, you'll need to include
the first - or treat it as a stream, and decrypt piece by piece.
Untested code:
import hashlib
from Crypto.Cipher import AES
from Crypto import Random
# Shorter version of your key hashing:
key = hashlib.sha256("my key").digest()
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
txt = 'hello world'
msg1 = cipher.encrypt(txt)
msg2 = cipher.encrypt(txt)
# The cipher object carries its CFB state forward, so recreate it with the
# same key and IV before decrypting (a fresh object starts from the IV):
cipher = AES.new(key, AES.MODE_CFB, iv)
print(cipher.decrypt(msg1))
print(cipher.decrypt(msg2))
I don't have pycrypto to test with, but running the same code with
Pike's Crypto module does what I expect here.
ChrisA
| From | Johannes Bauer <dfnsonfsduifb@gmx.de> |
|---|---|
| Date | 2013-10-24 09:30 +0200 |
| Message-ID | <l4aiai$2l1$1@news.albasani.net> |
| In reply to | #57422 |
On 24.10.2013 09:07, Chris Angelico wrote:
> On Thu, Oct 24, 2013 at 4:22 PM, Paul Pittlerson <menkomigen6@gmail.com> wrote:
>> msg = cipher.encrypt(txt)
>>
>>>>> '|s\x08\xf2\x12\xde\x8cD\xe7u*'
>>
>> msg = cipher.encrypt(txt)
>>
>>>>> '\xa1\xed7\xb8h<l\x7f\xd7\xba\xed'
>>
>> # etc
> AES is a stream cipher;
No, it is definitely not! It's a block cipher! However, since he uses
CFB mode of operation, it behaves like a stream cipher.
Best regards,
Joe
--
>> Where exactly did you predict the earthquake again?
> At least not publicly!
Ah, the newest and to this day most ingenious trick of our great
cosmologists: the secret prediction.
- Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$1@speranza.aioe.org>
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2013-10-24 18:43 +1100 |
| Message-ID | <mailman.1450.1382600610.18130.python-list@python.org> |
| In reply to | #57424 |
On Thu, Oct 24, 2013 at 6:30 PM, Johannes Bauer <dfnsonfsduifb@gmx.de> wrote:
> On 24.10.2013 09:07, Chris Angelico wrote:
>> AES is a stream cipher;
>
> No, it is definitely not! It's a block cipher! However, since he uses
> CFB mode of operation, it behaves like a stream cipher.
Sorry! Quite right. What I meant was, it behaves differently based on its
current state. The SHA256 of "Hello, world!" is 315f5b...edd3 no matter
how many times you calculate it; but the AES-encrypted text is going to
change based on the previously-encrypted text. Hence the need to either,
as stated in your other email, reset the internal state, or, as stated in
my previous one, treat it as a stream.
ChrisA
| From | Johannes Bauer <dfnsonfsduifb@gmx.de> |
|---|---|
| Date | 2013-10-24 09:33 +0200 |
| Message-ID | <l4aifp$2l1$2@news.albasani.net> |
| In reply to | #57412 |
On 24.10.2013 07:22, Paul Pittlerson wrote:
> What am I doing wrong?
You're not reinitializing the internal state of the crypto engine. When
you recreate "cipher" with the same IV every time, it will work.
Best regards,
Joe
--
>> Where exactly did you predict the earthquake again?
> At least not publicly!
Ah, the newest and to this day most ingenious trick of our great
cosmologists: the secret prediction.
- Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$1@speranza.aioe.org>
| From | Johannes Bauer <dfnsonfsduifb@gmx.de> |
|---|---|
| Date | 2013-10-24 09:35 +0200 |
| Message-ID | <l4aikg$2l1$3@news.albasani.net> |
| In reply to | #57425 |
On 24.10.2013 09:33, Johannes Bauer wrote:
> On 24.10.2013 07:22, Paul Pittlerson wrote:
>
>> What am I doing wrong?
>
> You're not reinitializing the internal state of the crypto engine. When
> you recreate "cipher" with the same IV every time, it will work.
Code that works:
#!/usr/bin/python3
import hashlib
from Crypto.Cipher import AES
from Crypto import Random
h = hashlib.new('sha256')
h.update(b'my key')
key = h.digest()
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
txt = b'hello world'  # bytes, like the key material, under python3
msg = cipher.encrypt(txt)
print(msg)
cipher = AES.new(key, AES.MODE_CFB, iv) # Use *same* IV!
origtxt = cipher.decrypt(msg)
print(origtxt)
Also note that manually deriving a symmetric secret using SHA256 is an
INCREDIBLY bad idea. Have a look at PBKDF2.
Best regards,
Joe
--
>> Where exactly did you predict the earthquake again?
> At least not publicly!
Ah, the newest and to this day most ingenious trick of our great
cosmologists: the secret prediction.
- Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$1@speranza.aioe.org>
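An added example, not code from the thread, that reproduces the behaviour discussed in Chris's "treat it as a stream" reply and Joe's "recreate the cipher with the same IV" fix without needing pycrypto: 8-bit CFB (pycrypto's MODE_CFB default segment size) is built over HMAC-SHA256 standing in for AES, and the key comes from PBKDF2 as Joe recommends. `CFB8`, `derive_key`, `encrypt_twice`, `decrypt_second_alone` and `decrypt_as_stream` are names chosen here, and the salt is a constructed value.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size; the stand-in block function below is truncated to it


def derive_key(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library rather than a bare SHA-256 of the passphrase.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


class CFB8:
    """8-bit CFB (pycrypto's MODE_CFB default) over HMAC-SHA256 truncated to one block,
    a stand-in for AES so this runs without pycrypto; CFB only uses the forward direction."""

    def __init__(self, key: bytes, iv: bytes):
        assert len(iv) == BLOCK
        self.key, self.reg = key, iv  # shift register starts as the IV

    def _xor(self, data: bytes, input_is_ciphertext: bool) -> bytes:
        out = bytearray()
        for b in data:
            keystream = hmac.new(self.key, self.reg, hashlib.sha256).digest()[0]
            c = b ^ keystream
            out.append(c)
            # The ciphertext byte (received, or just produced) is shifted into the register,
            # so each byte depends on everything this object has processed before it.
            self.reg = self.reg[1:] + bytes([b if input_is_ciphertext else c])
        return bytes(out)

    def encrypt(self, plaintext: bytes) -> bytes:
        return self._xor(plaintext, input_is_ciphertext=False)

    def decrypt(self, ciphertext: bytes) -> bytes:
        return self._xor(ciphertext, input_is_ciphertext=True)


def encrypt_twice(key: bytes, iv: bytes, txt: bytes) -> tuple:
    enc = CFB8(key, iv)
    return enc.encrypt(txt), enc.encrypt(txt)  # same object twice: the second output differs


def decrypt_second_alone(key: bytes, iv: bytes, msg2: bytes) -> bytes:
    return CFB8(key, iv).decrypt(msg2)  # fresh state, but msg2 was not first: garbage


def decrypt_as_stream(key: bytes, iv: bytes, msg1: bytes, msg2: bytes) -> tuple:
    dec = CFB8(key, iv)  # fresh object, same IV (Joe's fix), fed in order (Chris's stream)
    return dec.decrypt(msg1), dec.decrypt(msg2)


if __name__ == "__main__":
    key, iv = derive_key(b"my key", b"constructed-salt-stored-with-ct"), bytes(range(BLOCK))
    m1, m2 = encrypt_twice(key, iv, b"hello world")
    print(decrypt_second_alone(key, iv, m2), decrypt_as_stream(key, iv, m1, m2))
```

The fixed IV in `__main__` is only there to make the run reproducible; a fresh cipher object with the same key and IV yields the same keystream, so in real use each message needs its own random IV, stored alongside the ciphertext.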