Is PyCrypto safe and reliable to use?
https://stackoverflow.com/questions/7835974
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am planning on using PyCrypto for a project and I want to know whether PyCrypto is safe and reliable enough to use. How can I ensure that PyCrypto is encrypting data correctly according to the various encryption algorithms such as RSA and AES?
Solution
It depends.
Some parts of PyCrypto are really good. For example, the API for Crypto.Random (introduced in PyCrypto 2.1) was designed to be pretty foolproof, and the underlying algorithm it uses (Fortuna) was also designed to be pretty foolproof.
Other parts are just implementations of low-level crypto primitives, so it works, but you have to know what you are doing to use them correctly. For example, Crypto.PublicKey.RSA doesn't implement the full RSA PKCS#1 standard (which is what most people think about when they talk about "RSA"). It only implements the basic RSA primitive (m^e mod n and c^d mod n), and you still have to provide your own PKCS#1 implementation.
The best way to ensure that PyCrypto is encrypting your data correctly (without reading the source code, which I encourage everyone to do) is to use a standard protocol and/or message format, and test that your code interoperates with other implementations. If you're making up your own message format (which you probably shouldn't do anyway), then you need to be very careful to ensure that PyCrypto is actually doing everything that you think it's doing.
Disclaimer: I'm the current PyCrypto maintainer, so my opinions shouldn't be considered an independent review.
Update: PyCrypto v2.5 and later now include proper RSA PKCS#1 encryption and signature implementations. See the API documentation for Crypto.Cipher.PKCS1_OAEP and Crypto.Signature.PKCS1_PSS for details.
OTHER TIPS
Note that I am not an expert in crypto either. That said, I took a quick look at the PyCrypto code on github and at their mailing list. One of the things that gives me confidence is that there is good, expert contributions to the code base. The developers acknowledge insecurities and work to correct them.
If you have a specific use case that you need to be implemented securely, look at their code and ask on their list. Since they seem to leverage C/C++ libraries to do the work in many cases, you can check out the reputation of the base libraries directly.
No. PyCrypto is no longer under active development and the cryptography library should be used instead.
