[Python-ideas] adding digital signature and encryption "hashes" to hashlib?

Nick Coghlan ncoghlan at gmail.com
Sat Sep 26 03:49:27 CEST 2009


CTO wrote:
> EVP covers hashing, signatures, and encryption/decryption. If we're going
> to go for a longer name, maybe "cryptography" would be more appropriate?

Something to keep in mind while working on this is your threat model for
the library. If you aren't going to do anything to guard against
side-channel attacks (which are rather hard to avoid in a cross platform
algorithm on a general purpose PC) or against attacks which grab
unencrypted messages and keys from released-but-not-overwritten computer
memory or (worse) the swap file, then this should be mentioned in the
documentation.

That way application developers that are looking for that extra level of
security will know they need to look elsewhere.

Regards,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
---------------------------------------------------------------
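
The two limitations named in the message above, shown as an added illustration that is not part of the original post or of any proposed library: an early-exit comparison whose work depends on secret data, and key material that stays in memory unless it is overwritten. The function names and the sample key are constructed for this example, and `hmac.compare_digest` was added to the standard library after this message was written.

```python
import hashlib
import hmac


def leaky_compare(expected, supplied):
    """Early-exit comparison; returns (equal, bytes_examined).

    bytes_examined stands in for running time: it grows with the length of
    the matching prefix, which is what a timing side channel measures.
    """
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for x, y in zip(expected, supplied):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(expected, supplied):
    """Comparison that does not short-circuit on the first differing byte."""
    return hmac.compare_digest(expected, supplied)


def wipe(buf):
    """Overwrite a mutable buffer in place before it is released.

    Only this buffer is cleared. Immutable bytes copies, interpreter
    temporaries and pages already written to swap are not touched.
    """
    for i in range(len(buf)):
        buf[i] = 0


def demo():
    key = bytearray(b"constructed-demo-key")  # constructed sample value
    tag = hmac.new(key, b"message", hashlib.sha256).digest()
    wrong_first = bytes([tag[0] ^ 1]) + tag[1:]    # differs in byte 0
    wrong_last = tag[:-1] + bytes([tag[-1] ^ 1])   # differs in byte 31
    result = {
        "leak_first": leaky_compare(tag, wrong_first)[1],
        "leak_last": leaky_compare(tag, wrong_last)[1],
        "ct_first": constant_time_compare(tag, wrong_first),
        "ct_last": constant_time_compare(tag, wrong_last),
    }
    wipe(key)
    result["key_after_wipe"] = bytes(key)
    return result
```

The wipe covers only the one `bytearray`; the interpreter gives no guarantee about other copies, which is the kind of limit the message asks to have documented.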


