Python-Crypto

generating a 160-bit DSS key leads to eternal loop

Bug #247846 reported by Matthias Klose
6
Affects Status Importance Assigned to Milestone
Python-Crypto
Fix Released
Low
Darsey Litzenberger
python-crypto (Debian)
Fix Released
Unknown
python-crypto (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

>>> from Crypto.Util import randpool
>>> r=randpool.RandomPool()
>>> r.stir()
>>> from Crypto.PublicKey import DSA
>>> DSA.generate(161, r.get_bytes)
<Crypto.PublicKey.DSA.DSAobj instance at 0x2b8d00b21128>
>>> DSA.generate(160, r.get_bytes)
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib/python2.4/site-packages/Crypto/PublicKey/DSA.py", line 70, in generate
    V[k]=bytes_to_long(SHA.new(S+str(N)+str(k)).digest())
KeyboardInterrupt

Bug Watch Updater (bug-watch-updater)
Changed in python-crypto:
status: Unknown → Confirmed
Revision history for this message
Darsey Litzenberger (dlitz) wrote :

First of all, don't use RandomPool like that unless you want to end up with bugs like CVE-2008-0166 (the Debian openssl bug). See this:
    http://www.lag.net/pipermail/paramiko/2008-January/000599.html
    http://www.lag.net/pipermail/paramiko/2008-April/000678.html

I've confirmed this bug on my machine.

Changed in pycrypto:
assignee: nobody → dlitz
status: New → Confirmed
Revision history for this message
Vladimir Osintsev (osintsev) wrote :

Confirmed on Ubuntu 8.04.1

Changed in python-crypto:
status: New → Confirmed
Revision history for this message
Darsey Litzenberger (dlitz) wrote :

Here is some debugging information:

>>> DSA.generate(161, open("/dev/urandom", "rb").read, sys.stdout.write)
p,q
4096 multiples failed
h,g
x,y
<Crypto.PublicKey.DSA.DSAobj_c instance at 0xb7d4912c>

>>> DSA.generate(160, open("/dev/urandom", "rb").read, sys.stdout.write)
p,q
4096 multiples failed
4096 multiples failed
4096 multiples failed
4096 multiples failed
4096 multiples failed
4096 multiples failed
4096 multiples failed
4096 multiples failed
4096 multiples failed
4096 multiples failed
... [ad infinitum]

Revision history for this message
Darsey Litzenberger (dlitz) wrote :

FWIW, from my reading of the DSA spec, you should never be generating 160-bit DSA keys; The first parameter to DSA.generate should be multiples of 64 between 512 and 1024.

I'm still looking into this.

Revision history for this message
Darsey Litzenberger (dlitz) wrote :

Generating 160-bit DSA keys is now disallowed; DSA.generate now accepts only multiples of 64 between 512 and 1024, inclusive. Feel free to re-open this bug if you need something more than that.

http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=ec73777d49de6a53d0302d23c522070a08cf3f57

Changed in pycrypto:
importance: Undecided → Low
status: Confirmed → Fix Committed
Revision history for this message
Darsey Litzenberger (dlitz) wrote :

We believe this bug has been fixed in PyCrypto v2.1.0, which can be obtained from http://www.pycrypto.org/

Changed in pycrypto:
status: Fix Committed → Fix Released
Darsey Litzenberger (dlitz)
Changed in pycrypto:
milestone: none → 2.1.0
Bug Watch Updater (bug-watch-updater)
Changed in python-crypto (Debian):
status: Confirmed → Fix Released
Revision history for this message
Sebastian Ramacher (s-ramacher) wrote :

Since 2.3-2 has been uploaded to Ubuntu this bug can be closed.

Changed in python-crypto (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.