[Cryptography-dev] Fernet with AES192/256
Todd Knarr
tknarr at silverglass.org
Sat May 28 01:17:38 EDT 2016
On 05/27/2016 09:27 PM, Alex Gaynor wrote:
> The problem is Fernet refers to a specific standard, if you change it,
> you've got something new and not interoperable :-)

Oddly, it /would/ interoperate (at least using cryptography's
implementation) if you used the correct-sized key for the AES encryption
(and if you weren't using the correct size, you wouldn't be using the
right key and decryption should correctly fail). At least that's what it
looks like. I need to do a proper test, but it looks like the changes
are all in the Fernet class's __init__ and generate_key methods to use
the desired key size instead of the current hard-coded 128 bits. The
ugly but minimal-modification method is to derive Fernet256 from Fernet,
implementing __init__ and generate_key with the hard-coded values
changed to 256 bits; the clean method is to rename Fernet to FernetBase
and alter __init__ and generate_key to work based on the passed-in key
length or requested number of key bits, with new Fernet, Fernet192 and
Fernet256 classes deriving from FernetBase and forcing 128-, 192- or
256-bit AES keys. The names of the latter two classes could be changed;
I use them just to remind myself that they're all related except for
the key size.
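
The key handling discussed in this message, as an added standard-library example that is not part of the original post and is not the cryptography project's code. It covers only the key split and the HMAC-authenticated token framing, to show that those are the only parts that depend on key size; the AES-CBC step is left to a crypto library and the ciphertext is treated as opaque bytes. Assumptions: the signing half stays 128 bits and only the AES half grows, and the names `split_key`, `seal` and `open_token` are hypothetical.

```python
import base64, hashlib, hmac, os, struct

SIGNING_KEY_LEN = 16            # assumption: HMAC-SHA256 key stays 128 bits
AES_KEY_BITS = (128, 192, 256)  # the three variants named in the message

def generate_key(aes_bits=128):
    """Return a urlsafe-base64 key: signing half followed by the AES half."""
    if aes_bits not in AES_KEY_BITS:
        raise ValueError("AES key must be 128, 192 or 256 bits")
    return base64.urlsafe_b64encode(os.urandom(SIGNING_KEY_LEN + aes_bits // 8))

def split_key(b64_key, aes_bits=128):
    """Size-dependent step: check the length and split into (signing, encryption)."""
    if aes_bits not in AES_KEY_BITS:
        raise ValueError("AES key must be 128, 192 or 256 bits")
    raw = base64.urlsafe_b64decode(b64_key)
    if len(raw) != SIGNING_KEY_LEN + aes_bits // 8:
        raise ValueError("key length does not match the requested AES size")
    return raw[:SIGNING_KEY_LEN], raw[SIGNING_KEY_LEN:]

def seal(b64_key, aes_bits, timestamp, iv, ciphertext):
    """Frame already-encrypted bytes as 0x80 | timestamp | IV | ciphertext | HMAC."""
    signing_key, _ = split_key(b64_key, aes_bits)
    body = b"\x80" + struct.pack(">Q", timestamp) + iv + ciphertext
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag)

def open_token(b64_key, aes_bits, token):
    """Verify the HMAC first; return (timestamp, iv, ciphertext) for decryption."""
    signing_key, _ = split_key(b64_key, aes_bits)
    data = base64.urlsafe_b64decode(token)
    # version byte + 8-byte timestamp + 16-byte IV + one AES block + 32-byte tag
    if len(data) < 1 + 8 + 16 + 16 + 32 or data[0] != 0x80:
        raise ValueError("invalid token")
    body, tag = data[:-32], data[-32:]
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("invalid token")
    (timestamp,) = struct.unpack(">Q", body[1:9])
    return timestamp, body[9:25], body[25:]

if __name__ == "__main__":
    key = generate_key(256)
    iv, ct = bytes(range(16)), b"\xaa" * 32   # constructed IV and stand-in ciphertext
    token = seal(key, 256, 1464412658, iv, ct)
    print(open_token(key, 256, token) == (1464412658, iv, ct))
```

Nothing in the token records which AES key size was used, so a holder of a 48-byte key has to be told out of band that the token is the 256-bit variant.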