Python SHA-based encryption function, new version
Richard Parker
richard at electrophobia.com
Sat May 11 16:46:48 EDT 2002
More information about the Python-list mailing list
Sat May 11 16:46:48 EDT 2002
- Previous message (by thread): __getitem__, __getslice__ question for python 2.2
- Next message (by thread): Python SHA-based encryption function, new version
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Paul Rubin at phr-n2002a at nightsong.com wrote on 5/6/02 3:10 AM: > Revision 1.15 is now up and has the correct fix. It also portably > incorporates the process ID into the nonce, on systems that support > os.getpid; Unix and Windows are among these. Thanks to Alex Martelli > for this suggestion. There are probably still bizarre conditions > under which you can re-use a nonce even on those systems, but you'll > have to work pretty hard at it now. > > The URL again is <http://www.nightsong.com/phr/crypto/p2.py>. Revision 1.15 appears to have a bug in p2_encrypt - the call to _hmac appears to be using the ciphertext as the HMAC key and the authentication key as the message. This can't have been what you intended, right? As it stands it is insecure. -Richard
- Previous message (by thread): __getitem__, __getslice__ question for python 2.2
- Next message (by thread): Python SHA-based encryption function, new version
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list