[pycrypto] Typo or bug?
Dave Pawson
dave.pawson at gmail.com
Tue Jun 26 07:59:29 EDT 2012
On 26 June 2012 12:31, Legrandin <gooksankoo at hoiptorrow.mailexpire.com> wrote:
> Choice of the IV is critical for security.
> For CFB, the combination IV and key must be use only with one message, and
> never occur again.
> That is explained here:
>
> https://www.dlitz.net/software/pycrypto/api/current/Crypto.Cipher.blockalgo-module.html#MODE_CFB
Thanks.
(I think I need more reading to select one!)
>
> IV needs indeed to be share by the party encrypting and by the party
> decrypting the message.
>
> Up to pycrypto 2.5, when no iv was provided to new() a string of zeroes was
> automatically used.
> Depending on your application, that may or may not be a problem. It is wiser
> to always make iv explicit.
Which explains why my 'old' code failed. Thanks.
Needing both key and iv... It sounds like asking for two keys to unlock a box?
Is that the idea?
regards
--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk
More information about the pycrypto
mailing list