Ticket #1179 (closed discussion: wontfix)

Opened 3 years ago

Last modified 1 year ago

SimpleCrypt in 64-bit Python can't decrypt passwords encrypted in 32-bit python

Reported by: paul Assigned to: paul
Priority: major Milestone: 0.8.3
Component: ui Version: 0.8.4
Keywords: SimpleCrypt decrypt encrypt pwobscure Cc:

Description (Last modified by paul)

The encrypted values gotten from dabo.lib.SimpleCrypt?.SimpleCrypt?().encrypt() aren't portable between 32-bit and 64-bit versions of Python.

First example is run on 64-bit Ubuntu, and shows me successfully encrypting and decrypting a value. This is followed by me attempting to decrypt the same value encrypted on 32-bit Windows: 

>>> from dabo.lib.SimpleCrypt import SimpleCrypt
>>> sc = SimpleCrypt()
>>> enc_val = sc.encrypt("paul")
>>> print enc_val
LCCXA3JF6D9D
>>> sc.decrypt(enc_val)
'paul'
>>> from_32 = "P3EW1EXFEB47"
>>> sc.decrypt(from_32)
'\xa4\x98\x02\xa5'

Second example shows the same problem on 32-bit Windows trying to decrypt a value from 64-bit Ubuntu: 

>>> from dabo.lib.SimpleCrypt import SimpleCrypt
>>> sc = SimpleCrypt()
>>> enc_val = sc.encrypt("paul")
>>> print enc_val
P3EW1EXFEB47
>>> sc.decrypt(enc_val)
'paul'
>>> from_64 = "LCCXA3JF6D9D"
>>> sc.decrypt(from_64)
'\n\xdd\xaf\xfd'

Change History

11/25/08 09:58:33 changed by paul

  • description changed.

06/22/09 11:47:40 changed by paul

  • owner changed from somebody to paul.
  • status changed from new to assigned.
  • type changed from defect to discussion.

I think this ticket should move to the wiki as it is informational and not something we can fix.

08/18/09 13:47:07 changed by paul

To avoid this problem, you must define your own Crypto class, and then set your dApp instance to use that Crypto class instead of the default SimpleCrypt?. Here's an *insecure* example of the idea: 

import random
import zlib
import binascii

F = 42

class Crypto(object):
  def conv(self, text):
    return ''.join([chr(F+ord(s)) for s in text])
  def deconv(self, text):
    return ''.join([chr(-F+ord(s)) for s in text])

  def encrypt(self, text):
    return binascii.hexlify(zlib.compress(self.conv(text)))

  def decrypt(self, text):
    return self.deconv(zlib.decompress(binascii.unhexlify(text)))


if __name__ == "__main__":
  import sys 
  crypto = Crypto()
  for arg in sys.argv[1:]:
    testStr = arg 
    encrypted = crypto.encrypt(testStr)
    print "%s: %s" % (testStr, encrypted)

Then set your dApp instance's Crypto property to an instance of this Crypto class. IOW: 

class MyApp(dApp):
  def initProperties(self):
    self.Crypto = myCrypto.Crypto()

08/18/09 14:43:31 changed by paul

In r5325, I added UserWarnings? to SimpleCrypt?, referencing this ticket, for information only.

02/01/11 20:34:43 changed by paul

  • status changed from assigned to closed.
  • resolution set to wontfix.

Closing the ticket, as it can't be fixed.