[Python-ideas] adding digital signature and encryption "hashes" to hashlib?

Nick Coghlan ncoghlan at gmail.com
Sat Sep 26 03:49:27 CEST 2009

CTO wrote:
> EVP covers hashing, signatures, and encryption/decryption. If we're
> going
> to go for a longer name, maybe "cryptography" would be more
> appropriate?

Something to keep in mind while working on this is your threat model for
the library. If you aren't going to do anything to guard against
side-channel attacks (which are rather hard to avoid in a cross platform
algorithm on a general purpose PC) or against attacks which grab
unencrypted messages and keys from released-but-not-overwritten computer
memory or (worse) the swap file, then this should be mentioned in the

That way application developers that are looking for that extra level of
security will know they need to look elsewhere.


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Python-ideas mailing list