
Python inconsistent error when comparing two very large numbers

Tags:

python

I am fairly new to Python and I'm writing a secure ftp server/client to handle basic uploading/downloading of files (but encrypted).

To ensure the client has the secret key, I encrypt and send a randomized 32 byte number. The client must decrypt the number, add one, re-encrypt it, and return it to the server. The server checks to see that the response is the random number + 1, then proceeds with the connection in the case that they are equivalent. The issue is that this works like 90% of the time, but sometimes will fail (even when the client sends a good response).

if int.from_bytes(challenge, "big") + 1 == int.from_bytes(response, "big"):
    print("Good\nExpected: {0}\nReceived: {0}".format(
        int.from_bytes(challenge, "big") + 1,
        int.from_bytes(response, "big")))
else: 
    print("Bad\nExpected: {0}\nReceived: {0}".format(
        int.from_bytes(challenge, "big") + 1,
        int.from_bytes(response, "big")))

9 times out of 10, this enters the True condition, however sometimes it fails. These are the examples of when it has failed:

Bad
Expected:
65159048323870645118410560973513118036375130115063959378348917255680432299875
Received: 
65159048323870645118410560973513118036375130115063959378348917255680432299875

Bad
Expected:
94602782648778784750235610259612519850690550920952731294858863927077528757933
Received:
94602782648778784750235610259612519850690550920952731294858863927077528757933

Note that every one of the above expected and received are actually identical.

Here are some examples of numbers that succeeded:

Good
Expected:
91751260209520864629218443027060768890746721638897648279482154562044918570881
Received:
91751260209520864629218443027060768890746721638897648279482154562044918570881

Good
Expected: 
104504930179798203375748204555227260444250367405369759767776407892919812999121
Received:
104504930179798203375748204555227260444250367405369759767776407892919812999121

Any idea what's going on? Thanks for your time. Edit: Code snippet:

Server side:

challenge = os.urandom(32)
socket.send_msg(challenge, encrypt=True)
response = socket.recv_msg(32, decrypt=True)

if int.from_bytes(challenge, "big") + 1 != int.from_bytes(response, "big"):
    print("Expected: {0}\nReceived: {0}".format(int.from_bytes(challenge, "big") + 1, int.from_bytes(response, "big")))

Client side:

challenge = self._socket.recv_raw(32, decrypt=True)
challenge = int.from_bytes(challenge, "big") + 1
self.sckt.send_msg(challenge.to_bytes(32, "big"), encrypt=True)

Note that I have thoroughly tested the encryption code and socket messaging protocol, those are not the issue.

Aserian asked Mar 11 '17 01:03


1 Answer

The issue is with your format calls. You're using {0} twice, which means you get the first positional argument repeated twice in the output text. The integer conversion of response is never printed.

To fix the reporting (not whatever issue is causing the mismatched data), you should either use {0} and {1} once each, or leave out the numbers completely (Python will automatically use {0} for the first {} and {1} for the second, etc.).

Blckknght answered Oct 31 '22 22:10
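
An added example, not part of the original question or answer: a server-side check for the challenge-plus-one exchange whose report prints both values with their byte lengths, next to the question's format string for contrast. The function names, the byte-wise constant-time comparison and the wrap-around at 2**256 are assumptions of this example.

```python
import hmac
import os

CHALLENGE_LEN = 32  # bytes, as in the question


def expected_response(challenge: bytes) -> bytes:
    """challenge + 1 as a fixed-width big-endian value.

    Wrapping modulo 2**(8*len) is an assumption of this example: the
    question's client calls to_bytes(32, "big"), which raises OverflowError
    when the challenge is 32 bytes of 0xff.
    """
    n = (int.from_bytes(challenge, "big") + 1) % (1 << (8 * len(challenge)))
    return n.to_bytes(len(challenge), "big")


def check_response(challenge: bytes, response: bytes):
    """Return (ok, report). The report shows both values, not one twice."""
    expected = expected_response(challenge)
    # Byte-wise, constant-time comparison. Stricter than comparing ints:
    # a response of the wrong length fails even if its integer value matches.
    ok = hmac.compare_digest(expected, response)
    report = "{0}\nExpected ({1} bytes): {2}\nReceived ({3} bytes): {4}".format(
        "Good" if ok else "Bad",
        len(expected), expected.hex(),
        len(response), response.hex())
    return ok, report


def buggy_report(challenge: bytes, response: bytes) -> str:
    """The question's format string: {0} fills both fields."""
    return "Expected: {0}\nReceived: {0}".format(
        int.from_bytes(challenge, "big") + 1,
        int.from_bytes(response, "big"))


if __name__ == "__main__":
    challenge = os.urandom(CHALLENGE_LEN)            # constructed sample input
    good = expected_response(challenge)
    truncated = good[:-1]                            # constructed bad response
    print(buggy_report(challenge, truncated))        # both lines look identical
    print(check_response(challenge, truncated)[1])   # difference is visible
    print(check_response(challenge, good)[1])
```
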