encrypt_data(): don't encode IV to base64

Encoding the IV (initialization vector) to base64 means that each
byte only contains 6 bits of entropy, whereas an IV can
contain up to 8 bits of entropy per byte. The Crypto AES function
accepts any byte string for the IV.

Since the IV is included in the encrypted string (as a prefix of a
fixed size), this change is backward compatible. Data encrypted with
the old code is decodable with the old and with the new code.

Change-Id: I210a21b80599110309fb92b4670e7a5749e94756
Victor Stinner 2016-04-01 15:36:55 +02:00
parent 576fcb19ad
commit fdab0d8bc1
1 changed files with 1 additions and 1 deletions

@ -47,7 +47,7 @@ def unpad_after_decryption(data):
def encrypt_data(data, key, iv_bit_count=IV_BIT_COUNT):
md5_key = hashlib.md5(key).hexdigest()
iv = encode_data(Random.new().read(iv_bit_count))[:iv_bit_count]
iv = Random.new().read(iv_bit_count)[:iv_bit_count]
aes = AES.new(md5_key, AES.MODE_CBC, iv)
data = pad_for_encryption(data, iv_bit_count)
encrypted = aes.encrypt(data)
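
Review bot: The `[:iv_bit_count]` slice on the new `iv = Random.new().read(iv_bit_count)[:iv_bit_count]` line is now dead code. `read(n)` already returns exactly n bytes, and the slice was only needed to trim the longer base64 output, so `iv = Random.new().read(iv_bit_count)` is enough. The parameter name is also misleading, since `iv_bit_count` is used here as a byte count for `read()` and as the block size for `pad_for_encryption()`; a rename to something like `iv_byte_count` would fit a follow-up. The commit touches one file and adds no test, so the backward-compatibility claim in the message is unverified here. A round-trip test that decrypts a ciphertext produced with a base64 IV, and one with a raw IV containing non-ASCII bytes, would confirm that the decrypt path and any storage layer treat the IV prefix as raw bytes.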