SHA-based encryption function in Python

Bryan Olson fakeaddress at nowhere.org
Thu Apr 25 22:34:35 EDT 2002 

Paul Rubin wrote:

 > I thought of adding a function that would allow encrypting in segments
 > but don't currently have applications that need that.  Remember that
 > the main goal of this code (and I didn't expect it to become such a
 > complicated project) was to just have something in portable Python
 > that could be used instead of the silly rotor module.

I'm surprised such a trivial goal interests you.  If this isn't worth
doing well, then I think it's just another case of "hey look - I
invented a cipher", and personally I respond to those with "O.K. throw
it on the 'unused' pile."

The reason I'm enthusiastic about this project is that it actually meets
a need.  Due to silly politics, a variety of programming environments
ship with SHA-1 and without a decent cipher.  The value here is in
creating a strong and efficient cipher without stepping outside the
native programming languages.

The definition of the cryptosystem is much more valuable than any
particular implementation.  If you don't have a need to encrypt in
segments while preserving state in-between, then fine don't implement
it.  The definition of the system should still have that potential.

The reference implementation I offered doesn't offer a piece-by-piece
facility either, but by separating the IV and MAC from the ciphertext,
it defines what such a system should produce.

 > It's slow
 > enough that it would be painful to encrypt large files with it.

Sure, but stand-alone (en/de)cryption a large file at one time is
usually a mistake.  Even my reference implementation, on my 'budget'
Celeron 1200, is fast enough to saturate my DSL line many times over.

A Python-only cipher is of little, maybe negative, value.  A cipher that
is very fast in C (or ASM) and moderately fast in a variety of scripting
languages could be a serious player.  We should aim for the big-time.


 > And
 > in an SSL-like protocol it still seems ok to encrypt-and-sign each
 > message.  (You couldn't implement real SSL with this module because of
 > the nonstandard cipher).

Well, I kind of disagree with the principle.  If this cipher is to be of
real value, we should definitely not assume it will always be
"nonstandard".  It's unlikely to be a FIPS, but it could be at least as
standard as RC4.

SSL/TLS is designed to support multiple ciphers.  Certainly support for
AES is coming.  There's no reason this cipher can't be included.  I see
little use for an "SSL-like" protocol.  Protocols are valuable if and
only if they are widely implemented.


--Bryan

More information about the Python-list mailing list