[PYTHON-CRYPTO] randpool.getBytes(self,N) bug if N < 20 bytes in amkCrypto 0.1.3 .
Adam Fleming
Afleming at ES-NET.CO.UK
Wed Apr 10 16:28:02 CEST 2002
I was just experimenting with the library when this issue came up, but if
you call GetBytes with N < 20, the result increases the value of entropy,
which is clearly daft. The problem is that dsize is larger than num when
subtracted from it, so when num is subtracted from self.entropy it increases.
The following is an alteration to the routine to allow less than 20 byte
reads. I expect your flames shortly over this issue:
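def getBytes(self, N):
    s = ''
    i, pool = self._getPos, self._randpool
    h = self.hash.new()
    dsize = self.hash.digestsize
    num = N
    # Emit one digest per pass until at least N bytes have been collected.
    while num > 0:
        h.update(self._randpool[i:i+dsize])
        s = s + h.digest()
        num = num - dsize
        i = (i + dsize) % self.bytes
        # The read position wrapped around the pool: stir before reusing it.
        if i < dsize:
            self.stir()
            i = self._getPos
    self._getPos = i
    # Charge the estimate for the N bytes returned, never going below zero.
    self.entropy = self.entropy - 8*N
    if self.entropy < 0:
        self.entropy = 0
    return s[:N]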
Enjoy,
Adam.
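
An added example, not part of the original post and not amkCrypto's own code: a Python 3 model of the entropy bookkeeping described above, usable as a regression check. The `MiniPool` class, its SHA-1 hash, the simplified `stir`, and the `buggy` branch (which charges the leftover loop counter, as the post describes) are assumptions reconstructed from the message.

```python
import hashlib
import os

DSIZE = hashlib.sha1().digest_size  # 20 bytes, hence the "N < 20" case

class MiniPool:
    """Hypothetical stand-in for the pool; models only the bookkeeping."""
    def __init__(self, size=160, buggy=False):
        self.bytes = size
        self._randpool = os.urandom(size)  # constructed pool contents
        self._getPos = 0
        self.entropy = 8 * size            # estimate, in bits
        self.buggy = buggy

    def stir(self):
        # Simplified stir (assumption): rehash the pool block by block.
        blocks = [hashlib.sha1(self._randpool + bytes([n])).digest()
                  for n in range(self.bytes // DSIZE)]
        self._randpool = b"".join(blocks)
        self._getPos = 0

    def getBytes(self, N):
        s = b""
        i = self._getPos
        h = hashlib.sha1()
        num = N
        while num > 0:
            h.update(self._randpool[i:i + DSIZE])
            s += h.digest()
            num -= DSIZE                   # negative unless N % DSIZE == 0
            i = (i + DSIZE) % self.bytes
            if i < DSIZE:                  # wrapped around the pool
                self.stir()
                i = self._getPos
        self._getPos = i
        if self.buggy:
            self.entropy -= 8 * num        # assumed bug: num <= 0 here
        else:
            self.entropy -= 8 * N          # charge what the caller received
        self.entropy = max(self.entropy, 0)
        return s[:N]


def entropy_delta(n, buggy):
    """Return (bytes returned, change in the entropy estimate) for one read."""
    pool = MiniPool(buggy=buggy)
    before = pool.entropy
    data = pool.getBytes(n)
    return len(data), pool.entropy - before
```

The invariant worth keeping in a test suite is that a read of N bytes returns exactly N bytes and never raises the entropy estimate.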