Delegating to pyca/cryptography operations we can't secure #169

Open
tomato42 opened this issue Dec 1, 2020 · 4 comments

Comments

@tomato42

tomato42 commented Dec 1, 2020

As discussed in #165, the RSA decryption is not secure against side-channel attacks. Even if we implement the OAEP support (#68) the serialisation of integer to bytes may provide enough of a side channel to mount an attack.

So I was thinking if the code shouldn't try to use pyca/cryptography instead for performing the decryption operations, and raise a UserWarning in case pyca/cryptography is unavailable.

@sybrenstuvel
Owner

I think the majority of users of this library actually do the opposite: try to use a binary encryption package, and defer to python-rsa when that's not available.

@tomato42
Author

tomato42 commented Jan 10, 2021

That would be rather surprising given the popularity of python-rsa, I think that most people using it don't consider the security of it—they google "Python RSA" and that's the first result.

Also, that binary situation is changing: while pyca/cryptography couldn't be used in PyPy a few years back, that is no longer the case; so even if you had to use a pure Python library before, you may not have to any more.

Just to be entirely clear: I'm not suggesting that python-rsa should stop working without pyca/cryptography, rather it should use it if it is available.

@sybrenstuvel
Owner

You make a good point, as usual 👍

@jcristau

FWIW at least python-jose (https://github.com/mpdavis/python-jose/blob/master/jose/backends/__init__.py) and google-auth (https://github.com/googleapis/google-auth-library-python/blob/main/google/auth/crypt/rsa.py), the two users I looked at, already prefer cryptography and fall back to this library if that's unavailable, as @sybrenstuvel said.
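The behaviour proposed in this thread (use pyca/cryptography when it is importable, otherwise fall back to python-rsa and raise a `UserWarning`) could look like the following. This is an added example, not code from python-rsa or from any participant; `select_decrypt_backend` and its `importer` parameter are hypothetical names, and the key is assumed to be an unencrypted PKCS#1 PEM private key.

```python
import importlib
import warnings


def select_decrypt_backend(importer=importlib.import_module):
    """Return (backend_name, decrypt) where decrypt(pem, ciphertext) -> bytes.

    `importer` is a hypothetical hook, injectable only so the selection
    logic can be exercised without either library installed.
    """
    try:
        serialization = importer("cryptography.hazmat.primitives.serialization")
        padding = importer("cryptography.hazmat.primitives.asymmetric.padding")
    except ImportError:
        serialization = padding = None

    if serialization is not None:
        def decrypt(pem, ciphertext):
            # Decryption is done by pyca/cryptography's native backend.
            key = serialization.load_pem_private_key(pem, password=None)
            # PKCS#1 v1.5, the padding that rsa.decrypt() implements.
            return key.decrypt(ciphertext, padding.PKCS1v15())
        return "cryptography", decrypt

    # ImportError propagates if neither library is installed.
    rsa = importer("rsa")
    warnings.warn(
        "pyca/cryptography is not installed; RSA decryption falls back to "
        "pure-Python python-rsa, which is not secure against side-channel "
        "attacks",
        UserWarning,
        stacklevel=2,
    )

    def decrypt(pem, ciphertext):
        key = rsa.PrivateKey.load_pkcs1(pem)
        return rsa.decrypt(ciphertext, key)
    return "python-rsa", decrypt
```

The warning fires once, at backend selection, so a caller that selects the backend at import time surfaces the fallback in its own start-up output.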
