Encryption source code with md5

Robert Kern robert.kern at gmail.com
Mon Apr 5 02:42:59 CEST 2010

On 2010-04-04 17:44 , geremy condra wrote:
> On Sun, Apr 4, 2010 at 6:03 PM, Robert Kern<robert.kern at gmail.com>  wrote:
>> On 2010-04-03 20:21 , Lawrence D'Oliveiro wrote:
>>> In message<4baf3ac4$0$22903$e4fe514c at news.xs4all.nl>, Irmen de Jong wrote:
>>>> On 28-3-2010 12:08, Lawrence D'Oliveiro wrote:
>>>>> Don’t use MD5.
>>>> Also, md5 is not an encryption algorithm at all, it is a secure hashing
>>>> function.
>>> You can use hash functions for encryption.
>> You can *build* an encryption algorithm out of hash functions as a
>> primitive, yes. Paul Rubin's p3.py is an example of using SHA-1 to build an
>> encryption algorithm:
>>   http://www.nightsong.com/phr/crypto/p3.py
>> However, a hash function is not an encryption algorithm itself. One does not
>> "encrypt with md5" as the OP asked. For crypto-knowledgeable people, this
>> may just be an issue of terminology (although I think an important one), but
>> I think it demonstrates the ignorance of the OP and the need for Irmen's
>> clarification.
>> --
>> Robert Kern
> I don't mean to disrespect Paul Rubin, but p3.py comes up in every discussion
> of cryptography in python on this list and, AFAICT, has yet to come under
> significant cryptanalytic scrutiny. That doesn't make it a bad example in this
> case, but I would caution the OP that it probably doesn't make it a good
> candidate for your encryption needs.

For people looking for standardized cryptography, Google works fine to find 
PyCrypto or M2Crypto. p3 comes up so often in this group because people that 
need to ask here are looking for reasonably performant, pure-Python crypto, and 
p3 is the best-of-breed given those constraints (it happens to be mentioned here 
as an example, not a recommendation). Its security derives from its use of 
standardized, well-scrutinized components (and no, the recent attacks on SHA-1 
do not affect the security properties that p3 relies on). It will probably never 
receive the kind of attention that AES or the rest get because it will never be 
fast enough to even be considered a peer of those algorithms.

Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
  that is made terrible by our own mad attempt to interpret it as though it had
  an underlying truth."
   -- Umberto Eco

More information about the Python-list mailing list