On 2009-02-25 13:25, Helmut Jarausch wrote: > Helmut Jarausch wrote: >> Hi, >> >> I've just tried to write a simple example using PyCrypto's >> AES (CBC mode) >> >> #!/usr/bin/python >> from Crypto.Cipher import AES >> >> PWD='abcdefghijklmnop' >> Initial16bytes='0123456789ABCDEF' >> >> crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes) >> # crypt = AES.new(PWD, AES.MODE_ECB) >> >> txt = 'ea523a664dabaa4476d31226a1e3bab0' >> >> c = crypt.encrypt(txt) >> >> txt_plain=crypt.decrypt(c) >> >> print txt_plain >> >> Unfortunately, txt_plain differs from txt - why? >> (Using MODE_ECB does work however) >> > > I just discovered that the following variant seems to work > crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes) > c = crypt.encrypt(txt) > crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes) # <<< re-initialize > txt_plain=crypt.decrypt(c) > > So, the crypt object seems to keep some state. > I haven't seen this mentioned in the documentation.
In CBC mode, all previous encryptions affect the next one, since the blocks are chained: http://en.wikipedia.org/wiki/Cipher_block_chaining#Cipher-block_chaining_.28CBC.29 In ECB mode, they are not, but then it doesn't provide much security unless you change the key frequently: http://en.wikipedia.org/wiki/Cipher_block_chaining#Electronic_codebook_.28ECB.29 (the wiki pages provide some nice graphics to see what's going on and why CBC is better than ECB) -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Feb 26 2009) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ -- http://mail.python.org/mailman/listinfo/python-list
