Surya/core 9290/py triplesec v4 #19

heronhaye · 2018-11-27T17:25:24Z

Resolves #15 #14

Wontfix's #8 due to deprecating py2.6

use test vectors from node lib
do encryption test vector as well

heronhaye · 2018-11-27T20:02:09Z

triplesec/utils.py

+
+    def __init__(self, string=b''):
+        self._obj = Crypto.Hash.keccak.new(digest_bits=512)
+        self.input = b""


is storing this okay (used in copy)?

Holding onto an empty string?

heronhaye · 2018-11-30T22:09:08Z

triplesec/__init__.py

+                try:
+                    print(plaintext.decode('ascii', 'strict'))
+                except UnicodeDecodeError:
+                    sys.stderr.write("Aborting: unable to decode plaintext as ASCII. Use -b to output binary.\n")


what do you think about this change? to avoid printing arbitrary unicode to console

maxtaco · 2018-12-03T16:21:12Z

triplesec/utils.py

+
+    def __init__(self, string=b''):
+        self._obj = Crypto.Hash.keccak.new(digest_bits=512)
+        self.input = b""


Holding onto an empty string?

maxtaco · 2018-12-03T16:21:29Z

triplesec/utils.py

+    def __init__(self, string=b''):
+        self._obj = Crypto.Hash.keccak.new(digest_bits=512)
+        self.input = b""
+        self.input += string


oh, you mean this....

I guess it can be called with some of the MAC key data in the HMAC construction, and therefore might be passing a MAC key around. That ok?

I usually assume that anything in the processes' memory is safe. But I saw a lot of scrubbing in the JS repo, is that necessary or just an extra precaution?

It was an extra precaution and likely not ineffective since with interpreted languages, you never really know what happens to memory.

That makes sense. I got rid of this custom stuff entirely. And I finally figured out what caused the sudden change: pysha3 upgraded to 1.0 and changed the default sha3 function, but we weren't version locked so tests started failing (which I just now did). Still using the library since it provides keccak which the python stdlib doesn't.

heronhaye added 6 commits November 27, 2018 12:24

Version 4

6e71636

ci

8469613

pip

d5aadd9

compat mode

6cbafdd

fixup cli

4a1469f

update readme

39abe26

heronhaye commented Nov 27, 2018

View reviewed changes

heronhaye requested a review from maxtaco November 27, 2018 20:03

heronhaye added 7 commits November 27, 2018 17:09

spec

e45478e

Compat v1

67dd846

py2

ae42431

Follow randomness generation spec

810b889

py2 compat

04426fe

don't output arbitrary binary

125b493

hexlify

31649d0

heronhaye commented Nov 30, 2018

View reviewed changes

maxtaco approved these changes Dec 3, 2018

View reviewed changes

heronhaye added 4 commits December 3, 2018 17:11

always use pysha

fa11c57

version lock

582e3c8

version lock setup.py

8b81e46

randomness test

6e5555d

heronhaye merged commit f68008a into master Dec 4, 2018

heronhaye deleted the surya/CORE-9290/py-triplesec-v4 branch December 4, 2018 15:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Surya/core 9290/py triplesec v4 #19

Surya/core 9290/py triplesec v4 #19

heronhaye commented Nov 27, 2018 •

edited

heronhaye Nov 27, 2018

maxtaco Dec 3, 2018

heronhaye Nov 30, 2018 •

edited

maxtaco Dec 3, 2018

maxtaco Dec 3, 2018

maxtaco Dec 3, 2018

heronhaye Dec 3, 2018

maxtaco Dec 3, 2018

heronhaye Dec 3, 2018

Surya/core 9290/py triplesec v4 #19

Surya/core 9290/py triplesec v4 #19

Conversation

heronhaye commented Nov 27, 2018 • edited

Choose a reason for hiding this comment

Choose a reason for hiding this comment

heronhaye Nov 30, 2018 • edited

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

heronhaye commented Nov 27, 2018 •

edited

heronhaye Nov 30, 2018 •

edited