[PYTHON-CRYPTO] Near-term projects for pycrypto

Steve Holden sholden at HOLDENWEB.COM
Sat Nov 24 20:41:13 CET 2001 

----- Original Message -----
From: "Paul Rubin" <phr-pycrypt at NIGHTSONG.COM>
To: <PYTHON-CRYPTO at NIC.SURFNET.NL>
Sent: Thursday, November 22, 2001 3:08 PM
Subject: Re: Near-term projects for pycrypto


> I don't think it's good to make pycrypto depend on OpenSSL.  OpenSSL
> is a huge cumbersome package that's not pre-installed on THAT many
> systems.  Pycrypto is the most useful if it can be a simple extension
> module that can be included easily with Python.  Most of the
> complexity in OpenSSL comes from supporting dozens of obscure ciphers
> that pycrypto doesn't need, and from dealing with X509 certificates
> and the whole ASN.1 machinery needed to support the certificate system
> in full generality, CA tools, etc.
>
Speaking as a lurker who got involved with Python crypto because I
needed to *use* it, having had to implement amk/mxCrypto was a
monumental PITA. It's not that the software isn't good, just that the
build isn't automated. I'm lucky enough to have the experience to
overcome (most of) the hurdles, but the build complexity of amkCrypto
certainly limits the user base.

Building SSL was just yet another unnecessary and unwanted step :-)

> Having python wrappers for all those functions to enable writing
> full-blown SSL applications in Python is a fine idea, but if pycrypto
> doesn't aim to do that, it shouldn't need OpenSSL.
>
Whether Pycrypto wants to be this I don't know, but there is certainly a
crying need for an easy-to-install, easy-to-use crypto package, with
performance as a secondary issue. If there were a harder-to-install,
higher-performance substitute package this would be a bonus.

> Proposed functions for Pycrypto:
> - AES and 3DES ciphers, plus maybe CAST and RC4.
> - MD5, SHA, SHA256, and SHA512 hash functions
> - DH and ECDH key exchange.  KEA authenticated key exchange(?).
> - DSA and/or ECDSA digital signature algorithms.
> - DH and ECDH-based (El Gamal) public key encryption
> - Possibly: RSA public key encryption and signatures
> - Possibly: SRP password authentication (http://srp.stanford.edu)
> - Yarrow-like PRNG
>
> All this stuff put together is about 1/100th the complexity of
OpenSSL.
>
> Someone suggested a Python JCA wrapper making it possible to call JCA
> service providers from Jython.  That's a nice idea in its own right,
> but like OpenSSL, it seems outside the scope of pycrypto.
>
> Finally, the public key functions should have a way to use GMP or gmpy
> for the bignum arithmetic, but also to use Python arithmetic if GMP
> isn't installed.  GMP's arithmetic is about 10x faster than Python's.
>
Sounds like a good idea, and I believe your suggested package content
would meet a high percentage of crypto requirements (though I installed
amkCrypto because I needed Blowfish).

regards
 Steve
--
http://www.holdenweb.com/

More information about the python-crypto mailing list