4
votes

I've been looking at most Python crypto libraries, and I've decided to use either PyCrypto or M2Crypto.
I've discarded ezPyCrypto because it only supports MD5 for signing and Keyczar because it's not mature enough.

So I've read that RSA is vulnerable to several attacks if the to-be-encrypted text (or signature hash) is not properly padded.
What does it mean?
Neither PyCrypto nor M2Crypto mentions anything about this, and Google didn't find anything relevant. Do these libraries automatically add the padding? How can one tell?

If the answer to the above is no, what is considered proper padding?


5 Answers

6
votes

PyCrypto doesn't add the mentioned padding.
M2Crypto instead does.

M2Crypto is built on top of OpenSSL, supports mostly everything you need, and is still maintained and up to date, while PyCrypto issues several deprecation warnings.

3
votes

One of the reasons for random padding might be that "from the book" RSA with a low exponent (let's say 3) can be cracked really simply if the exact same message is sent to several people (three).

You'd therefore better make sure that you don't send the exact same message, by applying some kind of random (yet invertible) transformation to your message beforehand.

Maybe that's what this padding thing is about!?

EDIT: I looked on Wikipedia. What I was talking about is called Hastad's attack.

1
votes

I recently fought through figuring out encryption... this article helped a lot in explaining what was meant by padding:

http://www.di-mgt.com.au/cryptopad.html

(method one seemed the easiest for me to implement)

I can share some code snippets if needed.

P.S. This file came in handy too in helping create secure keys (Google for it): PBKDF2.py - PKCS#5 v2.0 Password-Based Key Derivation

0
votes

Not entirely sure, but if you add a random component to your RSA message it prevents dictionary attacks.

0
votes

Firstly, you should be using AES, since it is the de facto standard.

AES encrypts bytes in blocks of 16 bytes. Obviously this works fine for any large piece of data. But the last bit of it, obviously, may be less than 16 bytes.

For the last block, you'll need to pad it, and typical padding is done via PKCS7, which is pretty straightforward.

Let's say you have a string: "icecream" as the last block.

"icecream" is 8 bytes, so you need another 8 bytes to make a block.

So what you do is simply append the character 8 (not '8') 8 times:

"icecream\x08\x08\x08\x08\x08\x08\x08\x08"

That would be your resultant string. Now you go ahead and encrypt the data.

Remember that while decrypting, you'll need to catch this last block, and strip the padding before using it.
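
The block-cipher padding scheme described in the answer above, as an added Python example that is not part of the original answer. It covers two cases the "icecream" walk-through does not: input that is already a multiple of 16 bytes, and rejecting malformed padding when stripping it. The function names `pkcs7_pad` and `pkcs7_unpad` are chosen here for illustration.

```python
BLOCK_SIZE = 16  # AES block size in bytes


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append N bytes, each of value N, so the result is a whole number of blocks."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255")
    # Block-aligned input still gets a full block of padding; otherwise the
    # receiver could not tell trailing data bytes from padding bytes.
    pad_len = block_size - (len(data) % block_size)
    return data + bytes([pad_len]) * pad_len


def pkcs7_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Validate and strip PKCS#7 padding; raise ValueError if it is malformed."""
    if not padded or len(padded) % block_size != 0:
        raise ValueError("input is not a whole number of blocks")
    pad_len = padded[-1]
    if not 1 <= pad_len <= block_size:
        raise ValueError("invalid padding length byte")
    # Every padding byte must carry the same value, not just the last one.
    if padded[-pad_len:] != bytes([pad_len]) * pad_len:
        raise ValueError("padding bytes are inconsistent")
    return padded[:-pad_len]


if __name__ == "__main__":
    padded = pkcs7_pad(b"icecream")      # constructed sample input
    print(padded)                        # 8 data bytes followed by eight 0x08 bytes
    print(pkcs7_unpad(padded))           # original bytes restored
    print(len(pkcs7_pad(b"A" * 16)))     # aligned input grows by one full block
```

When the ciphertext comes from an untrusted party, authenticate it (for example with a MAC over the ciphertext) before calling the unpad step, so that padding errors cannot be used as a decryption oracle.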