Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

PyCrypto AES MODE_CBC - How to?

2,727 views
Skip to first unread message

Helmut Jarausch

unread,
Feb 25, 2009, 7:21:03 AM2/25/09
to
Hi,

I've just tried to write a simple example using PyCrypto's
AES (CBC mode)

#!/usr/bin/python
from Crypto.Cipher import AES

PWD='abcdefghijklmnop'
Initial16bytes='0123456789ABCDEF'

crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes)
# crypt = AES.new(PWD, AES.MODE_ECB)

txt = 'ea523a664dabaa4476d31226a1e3bab0'

c = crypt.encrypt(txt)

txt_plain=crypt.decrypt(c)

print txt_plain

Unfortunately, txt_plain differs from txt - why?
(Using MODE_ECB does work however)

What am I missing?

Many thanks for a hint,

Helmut Jarausch

Lehrstuhl fuer Numerische Mathematik
RWTH - Aachen University
D 52056 Aachen, Germany

Helmut Jarausch

unread,
Feb 25, 2009, 7:25:13 AM2/25/09
to
Helmut Jarausch wrote:
> Hi,
>
> I've just tried to write a simple example using PyCrypto's
> AES (CBC mode)
>
> #!/usr/bin/python
> from Crypto.Cipher import AES
>
> PWD='abcdefghijklmnop'
> Initial16bytes='0123456789ABCDEF'
>
> crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes)
> # crypt = AES.new(PWD, AES.MODE_ECB)
>
> txt = 'ea523a664dabaa4476d31226a1e3bab0'
>
> c = crypt.encrypt(txt)
>
> txt_plain=crypt.decrypt(c)
>
> print txt_plain
>
> Unfortunately, txt_plain differs from txt - why?
> (Using MODE_ECB does work however)
>

I just discovered that the following variant seems to work
crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes)
c = crypt.encrypt(txt)
crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes) # <<< re-initialize
txt_plain=crypt.decrypt(c)

So, the crypt object seems to keep some state.
I haven't seen this mentioned in the documentation.

Helmut.


--

M.-A. Lemburg

unread,
Feb 26, 2009, 10:27:44 AM2/26/09
to Helmut Jarausch, pytho...@python.org
On 2009-02-25 13:25, Helmut Jarausch wrote:
> Helmut Jarausch wrote:
>> Hi,
>>
>> I've just tried to write a simple example using PyCrypto's
>> AES (CBC mode)
>>
>> #!/usr/bin/python
>> from Crypto.Cipher import AES
>>
>> PWD='abcdefghijklmnop'
>> Initial16bytes='0123456789ABCDEF'
>>
>> crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes)
>> # crypt = AES.new(PWD, AES.MODE_ECB)
>>
>> txt = 'ea523a664dabaa4476d31226a1e3bab0'
>>
>> c = crypt.encrypt(txt)
>>
>> txt_plain=crypt.decrypt(c)
>>
>> print txt_plain
>>
>> Unfortunately, txt_plain differs from txt - why?
>> (Using MODE_ECB does work however)
>>
>
> I just discovered that the following variant seems to work
> crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes)
> c = crypt.encrypt(txt)
> crypt = AES.new(PWD, AES.MODE_CBC,Initial16bytes) # <<< re-initialize
> txt_plain=crypt.decrypt(c)
>
> So, the crypt object seems to keep some state.
> I haven't seen this mentioned in the documentation.

In CBC mode, all previous encryptions affect the next one,
since the blocks are chained:

http://en.wikipedia.org/wiki/Cipher_block_chaining#Cipher-block_chaining_.28CBC.29

In ECB mode, they are not, but then it doesn't provide much
security unless you change the key frequently:

http://en.wikipedia.org/wiki/Cipher_block_chaining#Electronic_codebook_.28ECB.29

(the wiki pages provide some nice graphics to see what's going
on and why CBC is better than ECB)

--
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source (#1, Feb 26 2009)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::


eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/

0 new messages