IV silently changed meaning in PyCrypto 2.6; violates PEP 272
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Python-Crypto |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
The meaning of the 'IV' attribute on cipher objects silently changed in PyCrypto 2.6. The 'IV' attribute in PyCrypto 2.5 and below returned a value that could be passed to the .new() parameter in order to restore its current state. In PyCrypto 2.6, this was changed to be the initial IV that was passed to the .new() parameter.
PyCrypto 2.5 and below:
>>> from Crypto.Cipher import AES
>>> ciph = AES.new("\0"*16, AES.MODE_CBC, "ABCDEFGHIJKLMNOP")
>>> ciph.encrypt(
'a\
>>> ciph.IV
'a\
PyCrypto 2.6:
>>> from Crypto.Cipher import AES
>>> ciph = AES.new("\0"*16, AES.MODE_CBC, "ABCDEFGHIJKLMNOP")
>>> ciph.encrypt(
'a\
>>> ciph.IV
'ABCDEFGHIJ
The new behavior violates PEP 272:
IV
Contains the initial value which will be used to start a
cipher feedback mode; it will always be a string exactly one
block in length. After encrypting or decrypting a string,
this value is updated to reflect the modified feedback text.
It is read-only, and cannot be assigned a new value.
Also, despite what PEP 272 says, it was possible in PyCrypto 2.5 to modify the cipher's behavior by assigning to the 'IV' attribute. In PyCrypto 2.6, the assignment works, but has no effect.
Changed in pycrypto: | |
status: | New → Confirmed |
summary: |
- IV silently changed meaning in PyCrypto 2.6 + IV silently changed meaning in PyCrypto 2.6; violates PEP 272 |
description: | updated |
It looks like this bug was introduced when we added the Cipher. blockalgo. BlockAlgo wrapper class around all of the block ciphers: https:/ /github. com/dlitz/ pycrypto/ commit/ 6f9fe103a582999 c397f7bc8a22486 13a207b780