[pycrypto] Typo or bug?

Dave Pawson dave.pawson at gmail.com
Tue Jun 26 07:59:29 EDT 2012

On 26 June 2012 12:31, Legrandin <gooksankoo at hoiptorrow.mailexpire.com> wrote:

> Choice of the IV is critical for security.
> For CFB, the combination IV and key must be use only with one message, and
> never occur again.
> That is explained here:
> https://www.dlitz.net/software/pycrypto/api/current/Crypto.Cipher.blockalgo-module.html#MODE_CFB

(I think I need more reading to select one!)

> IV needs indeed to be share by the party encrypting and by the party
> decrypting the message.
> Up to pycrypto 2.5, when no iv was provided to new() a string of zeroes was
> automatically used.
> Depending on your application, that may or may not be a problem. It is wiser
> to always make iv explicit.

Which explains why my 'old' code failed. Thanks.

Needing both key and iv... It sounds like asking for two keys to unlock a box?
Is that the idea?


Dave Pawson
Docbook FAQ.

More information about the pycrypto mailing list