[Python-3000] 3.0 crypto
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Tue Sep 11 09:21:20 CEST 2007
On Sep 7, 2007, at 2:48 PM, Gregory P. Smith wrote:
> fwiw hashes are not cryptography.
I assume you mean legally? I was referring to the fact that we're
specifically discussing cryptographic hashes.
> I see nothing wrong with leaving pycrypto as an add-on library as
> most things don't need it. http://www.amk.ca/python/code/crypto.
Last I heard, AMK was no longer maintaining pycrypto, and a number of
people have found weird issues with it and were generally uncertain
of the correctness of the implemented crypto.
> The pycrypto API is is very nice. But if we were to consider it
> for the standard library I'd prefer it just link against OpenSSL
> rather than use its own C implementations and just leave platforms
> without ssl without any crypto.
That's one option, although there seems to be some FUD surrounding
OpenSSL licensing and its interactions with the GPL:
<http://www.gnome.org/~markmc/openssl-and-the-gpl.html>
It's also a standalone library, and it strikes me as much nicer to
just have Python provide the crypto functionality out of the box. So,
if we built an API atop the (public domain) LibTomCrypt code that
mimicked that of pycrypto, would anyone object to getting that kind
of thing into the Python source distribution?
> Besides the chances are that most programmers seeing a crypto
> library will misuse it and gain a false sense of security on what
> they've done. ;)
Consenting adults, etc.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
More information about the Python-3000
mailing list