[Python-Dev] SHA-256 module

Gregory P. Smith greg at electricrain.com
Wed Jun 30 18:52:14 EDT 2004


> >Unfortunately, distributing crypto software is still a hideous
> >international mess (just because the *US* is less silly these
> >days...).
> 
> Things have been liberalizing rapidly.  I'm not sure how true that is 
> anymore, though I don't have direct experience (aside from offering some 
> crypto software on a website; people download it from all over the place, 
> but maybe they're scofflaws, who knows).
> 
> I know US export is no problem.  According to [1], most countries have no 
> laws restricting imports, with the notable exception of ex-USSR countries 
> and China, which require licenses.  I've heard anecdotally the Russian 
> requirements are mostly ignored [2].  I don't know about China.
> 
> More anecdotal evidence: The Windows Python installer includes strong 
> crypto (SSL).  Has that caused problems?

Agreed.  Python already includes crypto and US export is nothing more
than a harmless "let US Dept of Whateveritscalledtoday know that X has
crypto in it."  The bsddb module includes encrypted database support in
it (unless the Windows packager has been building the non-crypto version
of the library distributed by Sleepycat; I haven't checked).

The point about SSL being included is interesting.  The OpenSSL library
provides implementations of all of the important hash algorithms (and
uses them in order to implement SSL!).  Its hashing code is much better
optimized on various architectures than the Python module ever will
be.  I just filed feature request 983069 to keep this on the radar.

> There are protocols that can use SHA-256, like SSH, S/MIME, or PGP, but these 
> all require other crypto primitives, so your point stands.  And I 
> agree:  crypto primitives should probably be considered as a lump.  If 
> ciphers are absolutely not going to get in, putting in other crypto stuff 
> is not that helpful.

To waffle on my earlier question of "what uses sha256 w/o also needing
crypto?"...  One reason I can see for adding SHA-256 and SHA-512 (and
224/384 wrappers) to standard Python is that they will potentially be
used in future distributed data storage and p2p protocols for large data
set integrity checking.

-g



