[PYTHON-CRYPTO] Near-term projects for pycrypto

Paul Rubin phr-pycrypt at nightsong.com
Wed Nov 21 18:52:38 CET 2001


Hi, I'm away for the week and will have spotty email access until I get back.

A couple of quick comments on the last few messages:

1) IEEE 1363/P1363a has lots of stuff not in PKCS, including an
improved RSA padding scheme (OAEP as specified in PKCS1 has some
problems), and specifications for various elliptic curve schemes.  I
think Pycrypt should support at least one EC scheme.  For new
applications EC is preferable to RSA or DL schemes most of the time.

2) The generalized scheme from Applied Cryptography is just for DL
variants (stuff like DSA), not RSA.  It's a cool theoretical result
but IMO there's no point in implementing it.  It just gives the user
more ways to choose unsafe variants, and doesn't have any advantages.

3) Supporting the OpenSSL stuff is IMO only worthwhile if the intention
is to support actual SSL.

4) I don't see any point in supporting RC5 for interoperability since
I don't know of any important applications that use it.  IDEA is used
in legacy PGP versions but is only worth supporting in Pycrypt if
someone is going to write a Python version of PGP.  Otherwise, drop
IDEA.

5) I do see some point to supporting a generic fast 64-bit block
cipher like CAST or Blowfish, since some apps want 64-bit ciphers, and
3DES is slow.

6) The above is from the philosophical standpoint that Pycrypt is
mainly supposed to give app writers a way to put crypto into their
applications without being crypto experts.  The alternate view is that it's
more intended as a toolkit for experts.  Either view is ok with me,
but the designers should make a clear decision about what the goals
are, rather than muddling around between various possible goals.




