Hi Dinesh, I think I coincidentally responded to your question on stack overflow a bit ago. Here is what I said there:
This is an artifact of the malleability of base64 with Python's decoder. When the fernet token is base64 decoded everything you've added is discarded. This means that when the HMAC value is checked the ciphertext is intact and the token passes the integrity check as expected. While this is not directly a problem, it could become a problem if a user does something unwise with presumed token uniqueness. To be clear, Fernet has strong integrity guarantees for the token payload, but the base64 itself has limited malleability. Over 3 years ago I tried to get the Fernet spec updated to require strict base64 encoding (https://github.com/fernet/spec/pull/11) but unfortunately the authors are not maintaining their spec and nothing has happened. We don't want to break compatibility with other Fernet implementations and this issue, while annoying, isn't enough to convince me that we need to fork it at this time. -Paul > On Nov 3, 2018, at 1:44 PM, Dinesh K. Somani <dinesh.k.som...@gmail.com> > wrote: > > Hi > > I am a new user of py-cryptography. I am finding that even the encrypted > token is modified at end, it still decrypts OK. How so? > > Here is a test script > > from cryptography.fernet import Fernet > f = Fernet( Fernet.generate_key() ) > word = b"very secret thing" > print("encrypting...", word) > token = f.encrypt( word ) > print("decrypting...", len(token), token,) > reword = f.decrypt( token ) > print("works as expected" if reword == word else "oops!") > > modtoken = str.encode( token.decode() + "?abcd." ) > print("modified token, appended stuff") > print("decrypting...", len(modtoken), modtoken) > reword = f.decrypt( modtoken ) > print("whoops! still decrypts ok" if reword == word else "good boy!") > > and the output was > > encrypting... b'very secret thing' > decrypting... 120 > b'gAAAAABb3TIJLCgbVdq-CgQ3V7V3eehQ02h_O70iZkCjd6KCU9GsErog-c-LluWITQg5lTsp5ldoTc0J_XdFCd-jhoJPOYAKyQbzbHDJZKTGORIJSflO1do=' > works as expected > modified token, appended stuff > decrypting... 126 > b'gAAAAABb3TIJLCgbVdq-CgQ3V7V3eehQ02h_O70iZkCjd6KCU9GsErog-c-LluWITQg5lTsp5ldoTc0J_XdFCd-jhoJPOYAKyQbzbHDJZKTGORIJSflO1do=?abcd.' > whoops! still decrypts ok > > Is this expected behavior? If so, how do I check if the token is not modified > between encrypt and decrypt? > > python 3.6.6 on ubuntu under WSL > > > Regards > Dinesh > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev
_______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
