cryptography default_backend is "hazmat"?

Chris Angelico rosuav at gmail.com
Sat Mar 18 18:15:29 EDT 2017


On Sun, Mar 19, 2017 at 8:58 AM, Ian Pilcher <arequipeno at gmail.com> wrote:
> Yet another newbie question/observation ...
>
> So every example I can find of using python-cryptography includes a
> call to cryptography.hazmat.backends.default_backend().  Of course, the
> documentation at https://cryptography.io/en/latest/hazmat/backends/
> says:
>
>   ! Danger
>
>   This is a “Hazardous Materials” module. You should ONLY use it if
>   you’re 100% absolutely sure that you know what you’re doing because
>   this module is full of land mines, dragons, and dinosaurs with laser
>   guns.
>
> Anyone else see a conflict here?

Not necessarily. I don't know about that exact example, but let me
give you a couple of others.

1) exec and eval. Very dangerous. Do not use them in production code
unless you know what you're doing.

Where do you find exec used? In namedtuple. Yep. Every time you create
a namedtuple, it exec's a big block of code with interpolated bits to
make your stuff happen. Is namedtuple dangerous because it uses exec?
No, because namedtuple has been well-written and is maintained with
care.

2) cffi, ctypes, extension libraries, etc - untrusted access to C
code. Incredibly dangerous, because you can mess up refcounts in
CPython, your code can't be ported to other Pythons without a lot of
care, and you can break things in ways you wouldn't even have thought
possible (try redefining the value of the integer 1 - Python gets
confused in a very short space of time).

Where are they used? All over the place. All over the place. Poke
around on PyPI and you'll find a ton of great modules that are written
in C (and not using Cython), and the Python community hasn't collapsed
under their collective fragility yet. Are they dangerous? Well, yes,
in the sense that certain types of bugs can segfault the interpreter
rather than raising an exception - but your code isn't more dangerous
because you type "import psycopg2".


So the question is: How well do you trust the examples? Are they
likely to be instructing you in a safe way to use this
potentially-dangerous module?

ChrisA


More information about the Python-list mailing list