PyCrypto: ¿Cuántos datos aleatorios se consideran seguros?

I'm using the RSA implementation in PyCrypto. With regard to the encrypt(self, plaintext, K) method K is a parameter of random data. I want to know how much random data needs to be passed in order for the encryted data to be considered secure. For example in my implementation I am passing a strong prime number of 1024 bits via the Crypto.Util.number module like so:

enc_data = public_key.encrypt(data, number.getPrime(1024))

Is this considered 'secure enough'?

Muchas Gracias

preguntado el 27 de agosto de 11 a las 17:08

@Tom Yes, I'm using Crypto.PublicKey.RSA. In the documentos it talks about using the Crypto.Util.number module to generate a prime number of a suitable length. My question is focusing on what is considered a "suitable" or "secure" length. -

I downloaded the package but now I can't find the source code for that class. I must be losing my mind. -

@Greg are you looking for the number class? it's in Lib\site-packages\Crypto\Util -

I don't see why you would need to pass a número primo here, if the goal is to have a random number - this would have less entropy than a normal random number of this size (and be harder to create). -

1 Respuestas

The RSA implementation no use the K parameter. You may ignore it; the RSA implemention does.

Looking at lines 59-60 of pycrypto-2.3/lib/Crypto/PublicKey/RSA.py ves lo siguiente:

def _encrypt(self, c, K):
    return (self.key._encrypt(c),)

Which proves that K, if supplied, is ignored.

Documentación oficial

Plus, the developers declare this explícitamente in the documentation. In fact, if you create a public key public_key y escribes

help(public_key.encrypt)

you will obtain their documentation, which explicitly says:

encrypt(self, plaintext, K) method of Crypto.PublicKey.RSA._RSAobj instance
Encrypt a piece of data with RSA.

...
...

:Parameter K: A random parameter (*for compatibility only. This
 value will be ignored*)
:Type K: byte string or long

Respondido 28 Abr '18, 15:04

Do you have a reference for that please? - Imran Azad

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.