[PYTHON-CRYPTO] More thoughts [ replies to Ng ]

Bryan Mongeau bryan at EEVOLVED.COM
Thu Feb 8 21:34:57 CET 2001


> OpenSSL may or may not be bloatware, but IMHO its benefits are significant:
>
> 1. Portable to many platforms.
> 2. Assembly code on popular platforms.
> 3. Beginning to support hardware accelerators.
> 4. Bundled with recent open source Unices.
> 5. Large numbers of language bindings: Python, Perl, Tcl, Erlang, etc.
>
> It certainly does not provide merely "a few crypto functions."

Your point, although salient, seems to miss what I was driving at. Evidently
OpenSSL provides myriad crypto routines, protocols and primitives. What I
postulated was that joe average python programmer will only ever use a few of
those functions. Proposals such as waiting for OpenSSL to include AES before
making it available to the python programmer make me shudder. Imagine the
reaction of the programmer packaging that app that only uses AES but suddenly
must include a 2 meg library. Granted, OpenSSL is already quasi-omnipresent
on *nixes, but real consumer applications have to deal with Windows and Mac.

I hope you don't misinterpret my opinions. I use OpenSSL daily for tasks
ranging from Apache mod_ssl to SSH to SCP and it performs admirably.  I
simply do not support any initiative that would see all of python's
cryptographic eggs placed in one basket.  Python is modular by design and we
should keep it that way.

> It is nice to have fun, of course, but is your loose interpretation of
> TLS secure? Which other implementation(s) does it interoperate with?

Very valid questions. I will do my best to address them here. Please keep in
mind some of this I have implemented, other parts are on my todo list. :)

From RFC 2246 page 14:

>> The security parameters for a TLS Connection read and write state are
>> set by providing the following values: (SecurityParameters)

Connection End: Client or Server
BulkCipherAlgorithm: AES
CipherType: CBC
key_size: 192  # I chose 192 because my public key is 233 bit EC
key_material_length: 233  # the 233 bit secret exchanged
is_exportable: NO
mac_algorithm: SHA256
hash_size: 256
compression_algorithm: None

<note of interest>
The TLS RFC explicitly states that compression occurs BEFORE encryption,
which, in my opinion, is an extreme oversight in the face of recent zip
signature attacks on encrypted data. Maybe I'm wrong, but I prefer to do the
compression at the network layer. This is why my TLS SecurityParameters do
not have compression.
</note of interest>

Client and Server MAC, keys and IVs are all generated from the master secret.
The master secret, client and server randoms are created using a thread
scheduling entropy PRNG of my colleague's creation. See Sci.Crypt archives
for details or ask me about it. I'd love some input on its security. It's a
4K python script.

The handshake protocol is currently lacking certificates, but is otherwise
functional. I could remedy this if Bryan Olson would contact me.

The Change Cipher Spec protocol is not implemented nor do I intend to do so
due to the fact that I do not support any other block ciphers besides AES.

The Alert protocol is implemented as follows: If any fatal alerts occur, the
connection is immediately terminated. Other errors are ignored. This will
most likely change in future versions.

I have not tested my implementation of TLS with any other existing
implementations.

[ from another reply of Ng's ]

> >>> from crypto import aes
> >>> encryptor = aes( "key string")  # Can be hashed or not?

>You'll need to be able to specify IV and mode.

Good point. I assumed that we were talking about ease of use for laymen. You
can intuit that the aes constructor would look like this:

__init__(self, key=None, mode="ECB", IV=None)

Thanks for the comments! I hope this discussion continues on its present
path. It will surely result in something cool!

Regards,
--
<==================================>
Bryan Mongeau
Lead Developer, Director
eEvolved Real-Time Technologies Inc.
www.eevolved.com
<==================================>

"He who joyfully marches to music rank and file, has already earned my
contempt. He has been given a large brain by mistake, since for him the
spinal cord would surely suffice. This disgrace to civilization should be
done away with at once. Heroism at command, how violently I hate all this,
how despicable and ignoble war is; I would rather be torn to shreds than be a
part of so base an action. It is my conviction that killing under the cloak
of war is nothing but an act of murder."-- Einstein
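
Since the post states that the client and server MAC secrets, keys and IVs are
all generated from the master secret, here is that derivation as RFC 2246
specifies it, written out in Python. This is an added example, not Bryan's code
and not the script discussed above: it uses the standard TLS 1.0 PRF
(P_MD5 XOR P_SHA-1, section 5), the master-secret computation of section 8.1
and the key_block partition of section 6.3. The output sizes are assumptions
taken from the parameters listed in the post (32-byte SHA-256 MAC secret,
24-byte AES-192 key, 16-byte AES-CBC IV); the pre-master secret and the two
randoms are constructed sample values, not real handshake data. The last
function shows what the "Connection End" parameter decides: which half of the
key_block is the write state and which the read state.

```python
import hashlib
import hmac
from dataclasses import dataclass


def p_hash(hash_ctor, secret, seed, length):
    """RFC 2246 section 5, P_hash: HMAC-based expansion of secret and seed.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1));
    output = HMAC_hash(secret, A(1)+seed) + HMAC_hash(secret, A(2)+seed) + ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_ctor).digest()
        out += hmac.new(secret, a + seed, hash_ctor).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """RFC 2246 section 5 PRF: P_MD5(S1, label+seed) XOR P_SHA-1(S2, label+seed).

    S1 and S2 are the two halves of the secret; an odd-length secret shares
    its middle byte between them.
    """
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    left = p_hash(hashlib.md5, s1, label + seed, length)
    right = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(left, right))


def master_secret(pre_master_secret, client_random, server_random):
    """RFC 2246 section 8.1: 48-byte master secret from the exchanged secret."""
    return tls10_prf(pre_master_secret, b"master secret",
                     client_random + server_random, 48)


@dataclass(frozen=True)
class ConnectionKeys:
    """The six values RFC 2246 section 6.3 cuts out of key_block, in order."""
    client_write_mac_secret: bytes
    server_write_mac_secret: bytes
    client_write_key: bytes
    server_write_key: bytes
    client_write_iv: bytes
    server_write_iv: bytes


def key_block(master, client_random, server_random, mac_len, key_len, iv_len):
    """RFC 2246 section 6.3 raw key_block. The randoms go in server-then-client
    order here, the reverse of the master-secret seed."""
    need = 2 * (mac_len + key_len + iv_len)
    return tls10_prf(master, b"key expansion", server_random + client_random, need)


def derive_keys(master, client_random, server_random,
                mac_len=32, key_len=24, iv_len=16):
    """Partition key_block. Defaults are the sizes assumed from the post:
    32-byte SHA-256 MAC secret, 24-byte AES-192 key, 16-byte AES-CBC IV."""
    block = key_block(master, client_random, server_random, mac_len, key_len, iv_len)
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    parts, pos = [], 0
    for n in sizes:
        parts.append(block[pos:pos + n])
        pos += n
    return ConnectionKeys(*parts)


def read_write_keys(connection_end, keys):
    """'Connection End' picks the write state: a client writes with client_*
    and reads with server_*, a server the reverse.
    Returns ((write_mac, write_key, write_iv), (read_mac, read_key, read_iv))."""
    client_side = (keys.client_write_mac_secret, keys.client_write_key, keys.client_write_iv)
    server_side = (keys.server_write_mac_secret, keys.server_write_key, keys.server_write_iv)
    if connection_end == "client":
        return client_side, server_side
    if connection_end == "server":
        return server_side, client_side
    raise ValueError("connection_end must be 'client' or 'server'")


# Constructed sample inputs, not values from a real handshake.
SAMPLE_PMS = bytes(range(48))
SAMPLE_CLIENT_RANDOM = b"\x11" * 32
SAMPLE_SERVER_RANDOM = b"\x22" * 32


def demo():
    """Run the full chain on the sample inputs: pre-master -> master -> keys."""
    ms = master_secret(SAMPLE_PMS, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    keys = derive_keys(ms, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    return ms, keys


if __name__ == "__main__":
    ms, keys = demo()
    print("master secret:", ms.hex())
    for name, value in vars(keys).items():
        print(f"{name}: {value.hex()}")
```

The two seeds are deliberately ordered differently (client_random + server_random
for the master secret, server_random + client_random for key expansion); an
implementation that gets one of them backwards still produces keys of the right
length, which is exactly the kind of mistake interoperability testing against
another implementation would catch.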