New Python block cipher API, comments wanted

Paul Rubin phr-n2003b at NOSPAMnightsong.com
Tue Jan 28 17:29:48 CET 2003


Nick Vargish <nav at adams.patriot.net> writes:
> > Note that the file I put up had a number of bugs; I've updated it
> > several times today.
> 
> When it comes to code that has to do cryptographic work, the above two
> statements are not comforting in combination.

The code doesn't have to do cryptographic work, it only has to
illustrate an API.  That's the main reason why I didn't test it a lot.

> Sorry if I come off like a smartass, but I've had some experience with
> security related software, and a rush to distribution is not a great
> development strategy.

It's not a "distribution".  It's not really even "software".  It's
code intended to be looked at, not used for real data.  It's too slow
to use in practice and the ciphers don't interoperate with anything
(that's part of the reason I had no test vectors to test against).
The purpose is to settle on an API before proceeding with a real
implementation.  But yeah, there were some types of testing I hadn't
thought of doing before first putting up the file.

The real release will, at minimum, pass all FIPS test vectors for DES
and AES.




More information about the Python-list mailing list