encrypt_data(): don't encode IV to base64
Encoding the IV (Initialization vector) to base64 means that each byte only contains 6 bits of entropy per byte, whereas an IV can contain up to 8 bits of entropy of byte. The Crypto AES function accepts any byte string for the IV. Since the IV is included in the encrypted string (as a prefix of a fixed size), this change is backward compatible. Data encrypted with the old code is decodable with the old and with the new code. Change-Id: I210a21b80599110309fb92b4670e7a5749e94756
This commit is contained in:
parent
576fcb19ad
commit
fdab0d8bc1
|
@ -47,7 +47,7 @@ def unpad_after_decryption(data):
|
|||
|
||||
def encrypt_data(data, key, iv_bit_count=IV_BIT_COUNT):
|
||||
md5_key = hashlib.md5(key).hexdigest()
|
||||
iv = encode_data(Random.new().read(iv_bit_count))[:iv_bit_count]
|
||||
iv = Random.new().read(iv_bit_count)[:iv_bit_count]
|
||||
aes = AES.new(md5_key, AES.MODE_CBC, iv)
|
||||
data = pad_for_encryption(data, iv_bit_count)
|
||||
encrypted = aes.encrypt(data)
|
||||
|
|
Loading…
Reference in New Issue