[pycrypto] example

Sam Phippen samphippen at googlemail.com
Tue Aug 25 05:02:01 CST 2009


2009/8/25 avo ga <avogatro2007 at googlemail.com>:
>>RandomPool is badly broken.  Don't use it.
>
> Thx for the hint.
> I will check RandomPool and change it to some Python built-in random
> function,
> if that helps.
>

Don't use Python's built-in random number generator; it's not
cryptographically secure.

>
> About DSA:
> I thought the actual pycrypto use SHA-1...
> make hash of the AES key with SHA2, and then sign the SHA2-hash. Is that
> what you mean?
>
> About RSA:
> I will check the code about OAEP.
> Can't find it in the documentation. (but in Wikipedia...)
>
> ELGAMAL signature requires a random number k: 2<k<p-1 with GCD(k,p-1)=1
> I used a fixed prime. I will correct this.
>
> ELGAMAL is important for me, because it has no patent/copyright.
>
>
>>
>> http://lists.dlitz.net/pipermail/pycrypto/2009q3/000116.html
>>
>> >#################### DSA only sign
>> >privatekeyCMS = DSA.generate(368, rpool.get_bytes)
>> >publickeyCMS = privatekeyCMS.publickey()
>> >signed_PWD = privatekeyCMS.sign(PWD,K)
>> >print "identity check:\n",publickeyCMS.verify(dec_PWD,signed_PWD)
>> >print "decrypted PWD from ELGAMAL:\n",dec_PWD
>>
>> PyCrypto's public key primitives are incomplete at this point, and you
>> should not use them unless you are willing to read both PyCrypto's source
>> code and the relevant specifications.  For RSA, you need OAEP (i.e.
>> PKCS#1 v2.1) if you want security.  For DSA, there is a hash you need to
>> compute (it's not done for you automatically---see FIPS 186).  For
>> ElGamal, I'm pretty sure there's something too.
>>
>> That's all I'm willing to comment on a vague question about a bunch of
>> uncommented demo code.
>>
>> --
>> Dwayne C. Litzenberger <dlitz at dlitz.net>
>>  Key-signing key   - 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7
>> _______________________________________________
>> pycrypto mailing list
>> pycrypto at lists.dlitz.net
>> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto



-- 
Sam Phippen

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
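
The points raised in this thread (random numbers from a cryptographically secure source, hashing before signing, and a fresh ElGamal k with 2<k<p-1 and GCD(k,p-1)=1) can be seen together in the following added example, which is not part of the original messages and is not PyCrypto code. It assumes Python 3.8+ and only the standard library; the names `P`, `G`, `fresh_k`, `digest_int`, `keygen`, `sign` and `verify` are hypothetical, SHA-256 stands in for "SHA2", and the prime is a constructed toy value that is far too small for real use.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters (assumption): a 127-bit Mersenne prime keeps the
# example fast and self-contained; real keys need a vetted, much larger group.
P = 2**127 - 1
G = 3

def digest_int(message: bytes) -> int:
    """Hash first, then sign the digest (SHA-256 here), reduced mod p-1."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % (P - 1)

def fresh_k() -> int:
    """New per-signature secret from the OS CSPRNG: 2 < k < p-1, gcd(k, p-1) = 1.

    k must never be fixed or reused: two signatures made with the same k
    share the same r and expose the private key.
    """
    while True:
        k = 3 + secrets.randbelow(P - 4)      # uniform in [3, p-2]
        if gcd(k, P - 1) == 1:
            return k

def keygen():
    """Return (private x, public y = G^x mod P), x drawn from the CSPRNG."""
    x = 2 + secrets.randbelow(P - 3)          # uniform in [2, p-2]
    return x, pow(G, x, P)

def sign(x: int, message: bytes):
    """Textbook ElGamal signature over the hashed message."""
    h = digest_int(message)
    while True:
        k = fresh_k()
        r = pow(G, k, P)
        s = (h - x * r) * pow(k, -1, P - 1) % (P - 1)
        if s != 0:                            # s == 0 is invalid; draw a new k
            return r, s

def verify(y: int, message: bytes, sig) -> bool:
    """Check ranges first, then G^H(m) == y^r * r^s (mod P)."""
    r, s = sig
    if not (0 < r < P and 0 < s < P - 1):
        return False
    return pow(G, digest_int(message), P) == pow(y, r, P) * pow(r, s, P) % P
```
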

