SHA-based encryption function in Python

Paul Rubin phr-n2002a at nightsong.com
Wed Apr 24 01:04:28 EDT 2002


I've put together an encryption function written in Python using the
SHA module to provide a keystream in output feedback mode.  It's
nowhere near as good as AES, but should be a big improvement over the
rotor module.  It's at

  http://www.nightsong.com/phr/crypto/p2.py

if anyone wants to look at it and make comments.  Just say

   import p2

to load it, and then to encrypt, say

  ciphertext = p2.p2_encrypt(plaintext, passphrase)

and to decrypt, say

  plaintext = p2.p2_decrypt(ciphertext, passphrase)

If you decrypt an altered ciphertext or use an incorrect key, the
decryption function raises a CryptError exception.

There are 24 bytes of plaintext expansion and it's slow for short
strings, but the module provides an integrity check, and is reasonably
fast on long strings (by pure-Python standards).  It encrypts about
500k bytes/sec on my P3-750 on long strings, which is about 5x as fast
as RC4 coded in pure Python.  I've tested it in Python 1.5.2 and 2.2.

Note, this is NOT the AES module discussed in the "Message encryption
function" sci.crypt thread recently (that module will be written in C
and use AES).  However, following that discussion, this function makes
a nonce based on the key and plaintext as well as the current time and
an internal state based on the time of initialization and the values
of previously issued nonces.  It currently doesn't try to use any
other system-dependent entropy.  I might see if I can portably add
some to the next version.

It's possible that a nonce could get re-used if two separate Python
instances simultaneously encrypt the same plaintext with the same key.
That could happen, for example, on a cgi web server where two requests
come in very close together and each starts its own Python instance.
That could be a security failure in some applications, but hopefully
not many.

This version is intended for testing and review ONLY, and contains a
date check that stops it from running after June 1 (it tells you to
get a new version instead, in case there are security bugs in this test
version).  Please don't remove the date check.

Please let me know of any problems/errors that you notice.  If nobody
spots anything within maybe a week or two, then I'll release another
version without the date check.  Future versions are obviously NOT
guaranteed to be compatible--if this version has a design error, the
error shouldn't be propagated.

I believe this code is exportable from the US under BXA exemption TSU
and that I've properly notified BXA of its publication on the web.
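
An added example, not part of the original post and not the code in p2.py: a minimal hash-based output-feedback stream cipher with an integrity tag, showing why a repeated nonce matters. It goes beyond the post's identical-plaintext case to two different plaintexts under one nonce. The function names, the use of HMAC-SHA256, and the 8-byte nonce plus 16-byte tag split (chosen only to total the 24 bytes mentioned above) are assumptions.

```python
import hashlib, hmac, os

class CryptError(Exception):
    """Raised when the tag does not verify (wrong key or altered ciphertext)."""

NONCE_LEN, TAG_LEN = 8, 16  # assumed split, not p2.py's known layout

def _subkeys(passphrase):
    # Separate keystream and MAC keys. A plain hash is used for brevity;
    # a real design would run the passphrase through a slow password KDF.
    k = hashlib.sha256(passphrase).digest()
    return (hmac.new(k, b"enc", hashlib.sha256).digest(),
            hmac.new(k, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, n):
    # Output feedback: each block is the keyed hash of the previous block,
    # starting from the nonce. The plaintext never enters the chain.
    out, block = bytearray(), nonce
    while len(out) < n:
        block = hmac.new(enc_key, block, hashlib.sha256).digest()
        out += block
    return bytes(out[:n])

def encrypt(plaintext, passphrase, nonce=None):
    enc_key, mac_key = _subkeys(passphrase)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + body + tag

def decrypt(ciphertext, passphrase):
    if len(ciphertext) < NONCE_LEN + TAG_LEN:
        raise CryptError("ciphertext too short")
    enc_key, mac_key = _subkeys(passphrase)
    nonce, tag = ciphertext[:NONCE_LEN], ciphertext[-TAG_LEN:]
    body = ciphertext[NONCE_LEN:-TAG_LEN]
    want = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, want):
        raise CryptError("integrity check failed")
    ks = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def reused_nonce_leak(p1, p2, passphrase, nonce):
    # Same key and nonce give the same keystream, so it cancels out:
    # c1 XOR c2 == p1 XOR p2. Equal plaintexts give all-zero output.
    c1 = encrypt(p1, passphrase, nonce)[NONCE_LEN:-TAG_LEN]
    c2 = encrypt(p2, passphrase, nonce)[NONCE_LEN:-TAG_LEN]
    return bytes(a ^ b for a, b in zip(c1, c2))
```

With a fresh nonce per message the two ciphertext bodies are unrelated; with a repeated nonce an observer learns whether the plaintexts are equal and, if they differ, their XOR.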
