[Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4

Alexander Bokovoy abokovoy at redhat.com
Thu Jul 23 09:06:18 UTC 2015


On Thu, 23 Jul 2015, Christian Heimes wrote:
>This patch removes the dependency on M2Crypto in favor for cryptography.
>Cryptography is more strict about the key size and doesn't support
>non-standard key sizes:
>
>>>> from M2Crypto import RC4
>>>> from ipaserver.dcerpc import arcfour_encrypt
>>>> RC4.RC4(b'key').update(b'data')
>'o\r@\x8c'
>>>> arcfour_encrypt(b'key', b'data')
>Traceback (most recent call last):
>...
>ValueError: Invalid key size (24) for RC4.
>
>Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported:
>
>>>> arcfour_encrypt(b'key12', b'data')
>'\xcd\xf80d'
>>>> RC4.RC4(b'key12').update(b'data')
>'\xcd\xf80d'
Note that we are using NTLMv2 or Kerberos user session keys which are
128 bit long in this context.

And please rework the spec file change as Honza noted.
-- 
/ Alexander Bokovoy




More information about the Freeipa-devel mailing list