Island: Add IEncryptor to __init__
Don't use abbreviations in PasswordBasedEncryptor and KeyBasedEncryptor. Add a comment to review and evaluate the padding function.
parent
1b91616778
commit
071a4eb1a7
|
@ -0,0 +1 @@
|
||||||
|
from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor # noqa: F401
|
|
@ -6,14 +6,14 @@ import logging
|
||||||
from Crypto import Random # noqa: DUO133 # nosec: B413
|
from Crypto import Random # noqa: DUO133 # nosec: B413
|
||||||
from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
|
from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
|
from monkey_island.cc.server_utils.encryption import IEncryptor
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
# KBE is an encryption method which use random key of specific length
|
# KeyBasedEncryptor is an encryption method which use random key of specific length
|
||||||
# and AES block cipher to encrypt/decrypt the data. The key is more complex
|
# and AES block cipher to encrypt/decrypt the data. The key is more complex
|
||||||
# one and hard to remember than user provided one. This class provides more secure way of
|
# one and hard to remember than user provided one. This class provides more secure way of
|
||||||
# encryption compared to PBE because of the random and complex key.
|
# encryption compared to PasswordBasedEncryptor because of the random and complex key.
|
||||||
# We can merge the two into the one encryption method but then we lose the entropy
|
# We can merge the two into the one encryption method but then we lose the entropy
|
||||||
# of the key with whatever key derivation function we use.
|
# of the key with whatever key derivation function we use.
|
||||||
# Note: password != key
|
# Note: password != key
|
||||||
|
@ -37,6 +37,7 @@ class KeyBasedEncryptor(IEncryptor):
|
||||||
cipher = AES.new(self._key, AES.MODE_CBC, cipher_iv)
|
cipher = AES.new(self._key, AES.MODE_CBC, cipher_iv)
|
||||||
return self._unpad(cipher.decrypt(enc_message[AES.block_size :]).decode())
|
return self._unpad(cipher.decrypt(enc_message[AES.block_size :]).decode())
|
||||||
|
|
||||||
|
# TODO: Review and evaluate the security of the padding function
|
||||||
def _pad(self, message):
|
def _pad(self, message):
|
||||||
return message + (self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE)) * chr(
|
return message + (self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE)) * chr(
|
||||||
self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE)
|
self._BLOCK_SIZE - (len(message) % self._BLOCK_SIZE)
|
||||||
|
|
|
@ -4,11 +4,11 @@ import logging
|
||||||
|
|
||||||
import pyAesCrypt
|
import pyAesCrypt
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption.i_encryptor import IEncryptor
|
from monkey_island.cc.server_utils.encryption import IEncryptor
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
# PBE as implemented takes low-entropy, user provided password and it adds some
|
# PasswordBasedEncryptor as implemented takes low-entropy, user provided password and it adds some
|
||||||
# entropy to it and encrypts/decrypts the data. This implementation uses AES256-CBC
|
# entropy to it and encrypts/decrypts the data. This implementation uses AES256-CBC
|
||||||
# and it is less secure encryption then KeyBasedEncryptor.
|
# and it is less secure encryption then KeyBasedEncryptor.
|
||||||
# The security of it depends on what will the user provide as password.
|
# The security of it depends on what will the user provide as password.
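Review bot: The header comment rewritten here still says the encryptor "adds some entropy" to the password, which overstates what a password-based scheme can do. Whatever key derivation pyAesCrypt applies (not visible in this hunk) can raise the cost of each guess, but the resulting key is never stronger than the password itself. Suggested wording for the opening: `# PasswordBasedEncryptor takes a low-entropy, user-provided password, derives a key from it` then `# and encrypts/decrypts the data; key derivation slows guessing but adds no entropy.` The unchanged line "less secure encryption then KeyBasedEncryptor" should also read "than".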
|
||||||
|
|