[Cryptography-dev] Create Fernet API allowing streaming encryption and decryption from file-like objects.

Michael Iverson dr.michael.iverson at gmail.com
Mon Jan 19 17:16:39 CET 2015


On Mon, Jan 19, 2015 at 10:51 AM, Donald Stufft <donald at stufft.io> wrote:

> This is a fairly obvious way of handling that. However it’ll write a whole
> bunch of data to decrypted.txt and only fail after the very last chunk.


That is definitely a concern, and it cannot be readily mitigated, as not
keeping everything in memory is exactly what is required.

However, I'm not sure the chunk-based approach necessarily mitigates this
problem either, as you could write out hundreds of chunks, only to have the
final chunk fail. Having multiple chunks also requires that we
somehow manage to ensure that we can identify missing or out-of-order
chunks.

I'd also be concerned about the cryptographic implications of this. I'm not
sure if this is entirely correct, but it seems if you set your chunk size =
AES block size, you essentially are encrypting in ECB mode.

I would presume there is a block size sufficiently large to mitigate this
problem, but I get chills up my spine when I use the word 'presume' in any
sentence about cryptography.
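
An added example, not part of the original message and not the cryptography project's own code: one way per-chunk Fernet tokens can detect missing, reordered, spliced or truncated chunks, while decrypted.txt only appears once the last chunk has verified. The header layout, the function names and the `.partial` suffix are assumptions made for this illustration.

```python
import os
import struct
from cryptography.fernet import Fernet, InvalidToken

# Assumed framing (not part of the Fernet spec): stream id, chunk index, final flag.
HEADER = struct.Struct(">16sQ?")


def encrypt_chunks(key, chunks):
    """Yield one Fernet token per chunk, bound to stream and position (fresh IV each)."""
    f, stream_id, it, index = Fernet(key), os.urandom(16), iter(chunks), 0
    current = next(it, b"")  # an empty stream still gets one final chunk
    while current is not None:
        following = next(it, None)  # look ahead to know which chunk is last
        yield f.encrypt(HEADER.pack(stream_id, index, following is None) + current)
        current, index = following, index + 1


def decrypt_chunks(key, tokens):
    """Yield authenticated chunks; raise ValueError on any broken stream."""
    f, stream_id, expected, final = Fernet(key), None, 0, False
    for token in tokens:
        if final:
            raise ValueError("data after final chunk")
        try:
            plain = f.decrypt(token)
        except InvalidToken:
            raise ValueError("chunk %d failed authentication" % expected)
        if len(plain) < HEADER.size:
            raise ValueError("chunk %d has no header" % expected)
        sid, index, final = HEADER.unpack_from(plain)
        if sid != (stream_id or sid) or index != expected:
            raise ValueError("chunk %d missing, reordered or spliced" % expected)
        stream_id, expected = sid, expected + 1
        yield plain[HEADER.size:]
    if not final:
        raise ValueError("stream truncated before final chunk")


def decrypt_to_file(key, tokens, path):
    """Write to a temporary name; the real path appears only if every check passed."""
    partial = path + ".partial"
    try:
        with open(partial, "wb") as out:
            out.writelines(decrypt_chunks(key, tokens))
        os.replace(partial, path)
    finally:
        if os.path.exists(partial):
            os.remove(partial)
```

A consumer that reads from `decrypt_chunks` directly still sees early chunks before the stream as a whole has been checked, so it must treat them as provisional until the generator finishes without raising.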