Security: RC4 encryption primitives are exposed for active use#3713
Security: RC4 encryption primitives are exposed for active use#3713tuanaiseo wants to merge 1 commit intopy-pdf:mainfrom
Conversation
The cryptography provider implements and exposes ARC4/RC4 encrypt/decrypt paths. RC4 is cryptographically weak and should not be used for new data protection. If selected for PDF encryption, confidentiality is significantly weaker than modern AES-based modes. Affected files: _cryptography.py Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
|
Thanks for the PR. Please follow the usual code style and do not use custom approaches while ensure that all existing tests pass (which is not checked on your to-do list as well). Additionally, such a change should be discussed first as it might have further implications - especially given that changing a default requires a proper deprecation period. From the user side, having to maintain an environment variable feels a bit complicated just to enable this; all other choices are done by monkey-patching a constant. Edit: Why is this an issue for the cryptography provider only, but not for the pycryptodome or fallback provider? |
|
Closing due to the lack of response and unanswered open questions. Please open a issue outlining a proper migration path if you think that this is an actual issue. |
2 participants
Problem
The cryptography provider implements and exposes ARC4/RC4 encrypt/decrypt paths. RC4 is cryptographically weak and should not be used for new data protection. If selected for PDF encryption, confidentiality is significantly weaker than modern AES-based modes.
Severity:
lowFile:
pypdf/_crypt_providers/_cryptography.pySolution
Restrict RC4 to legacy-read compatibility only, disable RC4 for new writes by default, and require explicit insecure opt-in with clear warnings; prefer AES-256-based PDF encryption profiles.
Changes
pypdf/_crypt_providers/_cryptography.py(modified)Testing