geremy condra wrote:
> On Tue, Jan 26, 2010 at 12:37 PM, M.-A. Lemburg <m...@egenix.com> wrote:
>
> <snip>
>
>> You are also using CBC mode, even though you are really after
>> ECB mode (your code doesn't use chaining). With ECB mode, you
>> don't need the IV string.
>
> However, ECB mode is not as secure - the IV is the right way to go
> here.

Right - I forgot that PyCrypto applies the chaining internally when
being passed data of more than 32 bytes.

> I'd also note that you aren't supposed to use RandomPool anymore,
> and that AES-192 is frequently recommended over AES-256 for
> new applications due to a number of recent developments in
> the cryptanalysis of its key schedule.

Do you have pointers for this?

I could only find
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security
and
https://cryptolux.org/Block

My reading of their FAQ (https://cryptolux.org/FAQ_on_the_attacks)
is that using AES-128 is the way to go (and it's faster too) - at
least for the time being.

--
Marc-Andre Lemburg
eGenix.com