CTO <debatem1@gmail.com> wrote:
I know it seems that way at first glance, but in fact they are strongly related. There's a reason all three (and nothing else) are exported through OpenSSL's EVP API.
Bill
Don't get me wrong, I like the basic idea you're advancing, and in use hashes and crypto are frequently seen together,
Yes, that's the relationship I was thinking of. But from a broader philosophical view, a ciphertext can be thought of as a hash of a plaintext, too. A reversible hash.
IMO, adding public key crypto routines to hashlib seems almost guaranteed to increase that confusion.
Well, that could be. Perhaps the packaging "insight" I had wasn't inspired :-). I was thinking that from the crypto-ignorant point of view, they seem quite similar. A SHA256 hash can be seen as a digital "signature" (or I've heard it called a "fingerprint") of a sequence of bytes, just as with a public-key signature. Sure, what's going on is different, but from a utility point of view, it's much the same. This is why people post md5 checksums of downloadable packages -- it's a signature. Bill