Comment 9 for bug 502291

Darsey Litzenberger (dlitz) wrote : Re: [Bug 502291] Re: Support for PKCS#1 v1.5 signatures (RFC3447)

The goal behind the freeze is to improve security in a practical sense by ensuring that the project remains maintainable, and to avoid adding new security holes (especially in the C code).

Considering how many times I've seen people report the "plaintext too large" error as a PyCrypto bug rather than PEBKAC, I think we can make some huge security gains by adding PKCS#1 v2 and v1.5 support, without adding too much complexity to the code base.

I do want to pay close attention to the resulting API, however. The Crypto.PublicKey API is pretty unfriendly, and I'd like to avoid making the same mistake with PKCS#1.

"Thorsten Behrens" <email address hidden> wrote:

>Since this came up again on the mailing list: How does this play with
>the moratorium on new ciphers
>(http://lists.dlitz.net/pipermail/pycrypto/2010q3/000264.html)? It's
>not, strictly speaking, a new cipher, and Legrandin has a history of
>working on the RSA/DSA code. He patched in unit tests, too, which is
>great.
>
>I'd like to see this resurrected and brought in. I'll even volunteer to
>bring it into pycrypto-next, though for selfish reasons, I'd like to see
>the py3k work land on trunk first, then create a branch to bring this
>patch in. That'd make it easier to maintain one code base. The py3k work
>and this patch both have a large number of changes to the same files,
>which would be a pain to merge from two branches.
