[issue8998] add crypto routines to stdlib

[Heikki Toivonen]

Heikki Toivonen <hjtoi-bugzilla at comcast.net> added the comment:

More or less random opinions on things presented before:

 * I prefer having secure defaults to over documentation, because, well, people don't read documentation.
 * If not secure defaults, then pointing out in documentation the secure way AND providing examples that always show the secure way of doing things.
 * I can't comment on aes 192 vs 256 as I have not really kept up with that, but it would be good to ask the opinion(s) of the real experts in this field before choosing the defaults/recommending them. Of course, if you can point to an article where the experts already voice their (recent) recommendations, fine.
 * When I have thought about Python crypto in the stdlib, I've considered modeling it after hashlib, so you would get cipher = cryptolib.AES(bits=192, ...) etc. (Caveat: haven't thought it through.)
 * I'd prefer if the crypto API didn't become OpenSSL specific (like the SSL one is), which would theoretically allow switching in other crypto provider(s).
 * The library should make it easy to do the most common operations with as few steps as practically possible.
 * It would be nice if the library could provide the means to tweak lower level things if you needed to. Unfortunately this has a tendency to get messy quick, because crypto stuff tends to have lots of options to tweak.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue8998>
_______________________________________