SHA-based encryption function in Python

Paul Rubin phr-n2002a at nightsong.com
Thu Apr 25 08:15:09 EDT 2002


Bryan Olson <fakeaddress at nowhere.org> writes:
> Let me see if I understand.  We start with a shared secret key called
> "key", which may be of any length.  Each message requires its own nonce
> of 16 bytes....
> The ciphertext is the exclusive or of the plaintext and the running key.
> The nonce travels with the ciphertext.

Yes, this is correct.

> Now I have a few suggestions.
> 
> The system presents a cipher, a MAC, key derivations, and formats. I
> think these should be defined individually.  I agree with defining how
> to encrypt-and-sign with a master key, but I think the smaller elements
> should also be defined and exposed on their own.

I guess that could be worthwhile--any comments from comp.lang.python
readers who might actually want to use this thing?  So far, only the
sci.crypt crowd seems to be saying anything.

> I would separate the IV from the ciphertext, and make computing the MAC
> a separate function.  I see no need to include the nonce in computing
> the auth_key. In some protocols, such as SSL/TLS, we would send a stream
> in many sections.

I thought of adding a function that would allow encrypting in segments
but don't currently have applications that need that.  Remember that
the main goal of this code (and I didn't expect it to become such a
complicated project) was to just have something in portable Python
that could be used instead of the silly rotor module.  It's slow
enough that it would be painful to encrypt large files with it.  And
in an SSL-like protocol it still seems ok to encrypt-and-sign each
message.  (You couldn't implement real SSL with this module because of
the nonstandard cipher).

> Here's a candidate reference implementation.  Each function does one
> thing that I believe should be individually defined.  The code is
> written for lucidity and simplicity, not speed. I'm using Paul Rubin's
> latest (at the time of this writing) MAC, but really I recommend going
> with HMAC.

OK, I might reorganize the code somewhat, to supply those additional
functions.  I've also come up with what should be a pretty fast way to
do HMAC in Python (see my other followup), so I'll switch the MAC to HMAC.

Thanks as always.

Paul
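
The construction summarized at the top of this exchange (a shared key of any
length, a fresh 16-byte nonce per message, ciphertext = plaintext XOR a
SHA-derived running key, nonce sent alongside the ciphertext, plus a MAC over
the result), assembled as an added example with the separate pieces Bryan
asked for and the HMAC that Paul says he will switch to.  This is not code
from the thread or from Paul Rubin's module; the choice of SHA-256, the
"enc"/"mac" derivation labels, the big-endian counter, the encrypt-then-MAC
ordering with the nonce covered by the tag, the 32-byte tag and the sample key
and messages are all assumptions of this example.  The last function shows
the failure mode a practitioner must keep in mind with any XOR stream cipher:
reusing a nonce under the same key leaks the XOR of the two plaintexts.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16   # per-message nonce, as described in the thread
TAG_LEN = 32     # HMAC-SHA256 output length (assumption of this example)


def derive_keys(master_key):
    """Split one master key of any length into independent encryption and
    MAC keys.  The domain-separation labels are assumptions of this example;
    note the MAC key does not depend on the nonce, as Bryan suggested."""
    enc_key = hashlib.sha256(b"enc\x00" + master_key).digest()
    auth_key = hashlib.sha256(b"mac\x00" + master_key).digest()
    return enc_key, auth_key


def running_key(enc_key, nonce, length):
    """SHA-based keystream in counter mode:
    block i = SHA-256(enc_key || nonce || i), truncated to `length` bytes."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(enc_key, nonce, data):
    """Encrypt or decrypt: XOR data with the running key (symmetric)."""
    ks = running_key(enc_key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def compute_mac(auth_key, nonce, ciphertext):
    """HMAC over nonce || ciphertext, so a swapped nonce is also detected."""
    return hmac.new(auth_key, nonce + ciphertext, hashlib.sha256).digest()


def encrypt_and_sign(master_key, plaintext, nonce=None):
    """Wire format (assumed here): nonce || ciphertext || tag."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    enc_key, auth_key = derive_keys(master_key)
    ciphertext = stream_xor(enc_key, nonce, plaintext)
    return nonce + ciphertext + compute_mac(auth_key, nonce, ciphertext)


def verify_and_decrypt(master_key, message):
    """Check the MAC in constant time before touching the ciphertext."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    enc_key, auth_key = derive_keys(master_key)
    if not hmac.compare_digest(tag, compute_mac(auth_key, nonce, ciphertext)):
        raise ValueError("MAC check failed")
    return stream_xor(enc_key, nonce, ciphertext)


def nonce_reuse_leak(master_key, p1, p2, nonce):
    """Demonstrate why the nonce must never repeat under one key: the XOR of
    two ciphertexts made with the same (key, nonce) equals p1 XOR p2.
    Returns that XOR so a caller can compare it against the plaintexts."""
    c1 = encrypt_and_sign(master_key, p1, nonce)[NONCE_LEN:-TAG_LEN]
    c2 = encrypt_and_sign(master_key, p2, nonce)[NONCE_LEN:-TAG_LEN]
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    key = b"shared secret of any length"      # constructed sample key
    msg = encrypt_and_sign(key, b"attack at dawn")
    print(verify_and_decrypt(key, msg))
```

`encrypt_and_sign` and `verify_and_decrypt` are the encrypt-and-sign pair the
thread talks about; `derive_keys`, `running_key`, `stream_xor` and
`compute_mac` are the individually exposed pieces.  Because
`nonce_reuse_leak` recovers `p1 XOR p2` exactly, a caller must draw the nonce
from `os.urandom` (or a counter that is never reset) for every message.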



More information about the Python-list mailing list