Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Python: How to add RSA padding?

I've been looking at most python crypto libraries, I've decided to use either PyCrypto or M2Crypto.
I've discarded ezPyCrypto because it only supports MD5 for signing and Keyczar because it's not mature enough.

So I've read that RSA is vulnerable to several attacks if the to-be-encrypted text (or signature hash) is not properly padded.
What does it mean?
Neither PyCrypto or M2Crypto mention anything about this and google didn't find anything relevant. Do these libraries automatically add the paddign? How can one tell?

If the answer to the above is no, what is considered proper padding?

like image 282
Frantic Avatar asked Dec 30 '22 03:12

Frantic


2 Answers

PyCrypto doesn't add the mentioned padding.
M2Crypto instead does.

M2Crypto is built on top of openSSL, supports mostlyl everything you need, is still maintained and up to date while PyCrypto issues several deprecation warnings.

like image 185
Prody Avatar answered Jan 04 '23 17:01

Prody


One of the reason for random padding might be that "from the book" RSA with low exponent (let's say 3) can be cracked really simply if the exact same message is sent to several people (three).

You'd therefore better make sure that you don't send the exact same message by applying some kind of random (yet inversible) transformation to your message before.

Maybe that's what thing padding is about !?

EDIT: I looked on wikipedia. what I was talking about is called Hastad's attack.

like image 45
fulmicoton Avatar answered Jan 04 '23 17:01

fulmicoton