views:

755

answers:

4

I've been looking at most python crypto libraries, I've decided to use either PyCrypto or M2Crypto.
I've discarded ezPyCrypto because it only supports MD5 for signing and Keyczar because it's not mature enough.

So I've read that RSA is vulnerable to several attacks if the to-be-encrypted text (or signature hash) is not properly padded.
What does it mean?
Neither PyCrypto or M2Crypto mention anything about this and google didn't find anything relevant. Do these libraries automatically add the paddign? How can one tell?

If the answer to the above is no, what is considered proper padding?

A: 

Not entirely sure, but if you add a random component to your RSA message it prevents dictionary attacks

cobbal
+1  A: 

I recently fought through figuring out encryption...this article helped alot in explaining what was ment by padding:

http://www.di-mgt.com.au/cryptopad.html

(method one seemed the easiest for me to implement)

I can share some code snippets if needed.

P.S. This file came in handy too in helping create secure keys (google for it) PBKDF2.py - PKCS#5 v2.0 Password-Based Key Derivation

kazin
+2  A: 

One of the reason for random padding might be that "from the book" RSA with low exponent (let's say 3) can be cracked really simply if the exact same message is sent to several people (three).

You'd therefore better make sure that you don't send the exact same message by applying some kind of random (yet inversible) transformation to your message before.

Maybe that's what thing padding is about !?

EDIT: I looked on wikipedia. what I was talking about is called Hastad's attack.

poulejapon
+2  A: 

PyCrypto doesn't add the mentioned padding.
M2Crypto instead does.

M2Crypto is built on top of openSSL, supports mostlyl everything you need, is still maintained and up to date while PyCrypto issues several deprecation warnings.

Prody