[PYTHON-CRYPTO] aes library

Paul Rubin phr-pycrypt at nightsong.com
Fri Apr 5 03:57:16 CEST 2002


    [Brian]
    > I'm fairly optimistic about getting an AES-based encryption
    > module accepted, since they already have that silly rotor
    > module.  I worry more about getting a platform-dependent CPRNG
    > accepted, and we need both.

    What about platform-independent CPRNG's we could implement in pure
    python?  Like high-resolution timers and thread races that get
    their entropy from system load?

I don't know what to think of these.  They're slow and I'm skeptical
of their security.  I think it's important to provide an interface to
system RNG's (almost all boxes running Python have system RNG's).  I
wouldn't want a "portable" one to lead someone into thinking the
system one was redundant.

Have you tested your thread racing implementation much?  How do the
results look?

    > Fair enough.  If you're ok with it being the basis of a more general
    > purpose AES module, I guess we can start hacking it.

    Great. Do you think CVS would be needed? Who will be collaborating?

Sounds like we're all collaborating ;-).  I don't think CVS access to
the cryptkit repository is needed, if that's what you're asking.  This
would be a different module than cryptkit--it would just share some
code.  For the initial implementation I think someone (maybe Bram and
me) should just meet up and bang out the code, and circulate it for
testing informally via the list.  After that, we can put it up on
sourceforge with its own CVS.

    > and there don't seem to be any legal problems with
    > adding an AES module.

    What about including other modules in the standard lib, such as RSA or
    ECC?  Will it be possible to distribute Python with full, strong
    crypto out-of-the-box?

I think we'll have to ask the Python maintainers what they'd accept.
For me, the main thing is to get AES and a CPRNG in.  RSA or DH can
easily be done in pure Python.  ECC doesn't seem that important, and
in GF(p) it's probably ok to use pure Python.  No offense intended but
I'm opposed to submitting cryptsock in anything like its present form.

[Please don't cc: me responses, I get them thru the list and don't
want 2 copies --thanks].
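An added example, not code from this thread or from cryptkit, to put numbers on the two points above: a toy thread-handoff timer-jitter source of the kind Bram describes, a simplified most-common-value min-entropy estimator applied to its output, and the thin wrapper over the system RNG (os.urandom) that Paul argues the module must expose. The sample source and the function names are constructed for illustration; the estimator omits the confidence bound a real assessment would use.

```python
import math
import os
import threading
import time
from collections import Counter


def min_entropy_estimate(samples):
    """Most-common-value min-entropy estimate in bits per sample: -log2(p_max).
    Simplified (no confidence interval); an upper bound, not a proof of entropy."""
    if not samples:
        raise ValueError("need at least one sample")
    p_max = max(Counter(samples).values()) / len(samples)
    return -math.log2(p_max)


def timer_jitter_samples(n, bits=4):
    """Constructed toy source: low `bits` of the elapsed high-resolution
    counter around a thread hand-off (one thread per sample, hence slow)."""
    mask = (1 << bits) - 1
    out = []
    for _ in range(n):
        ready = threading.Event()
        t0 = time.perf_counter_ns()
        threading.Thread(target=ready.set).start()
        ready.wait()
        out.append((time.perf_counter_ns() - t0) & mask)
    return out


def system_random_bytes(n):
    """Interface to the OS CSPRNG; the primitive a Python crypto module
    should expose rather than replace with a pure-Python source."""
    return os.urandom(n)


def seconds_per_byte(fn, nbytes):
    """Wall-clock cost of producing `nbytes` from a callable taking a count."""
    t0 = time.perf_counter()
    fn(nbytes)
    return (time.perf_counter() - t0) / nbytes


if __name__ == "__main__":
    jitter = timer_jitter_samples(2000)
    print("jitter min-entropy per 4-bit sample:", round(min_entropy_estimate(jitter), 2))
    print("jitter s/sample:", seconds_per_byte(timer_jitter_samples, 200))
    print("os.urandom s/byte:", seconds_per_byte(system_random_bytes, 200))
```

Running it shows how far the jitter source's low bits fall short of their nominal width and the cost per sample; both are measurements to make before trusting any such source, not a reason to skip the system RNG.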