New Python block cipher API, comments wanted
Andrew McGregor
andrew at indranet.co.nz
Wed Jan 29 06:47:07 EST 2003
--On Tuesday, January 28, 2003 21:48:28 -0800 Paul Rubin
<phr-n2003b at NOSPAMnightsong.com> wrote:
> In fact, I don't think any module implementing PEP 272 has ever been
> written, and the interface it describes isn't that great, so I
> wouldn't call the PEP process a big success where block ciphers are
> concerned. There was a bunch of subsequent discussion on
> Python-crypto that led up to the current proposal, and that seems to
> have done a better job.
Um, there is such a module, it's called PyCrypto and is at at least
revision 1.9. I've used it to write a significant application, which
interoperates with others using different libraries. Nice C or even ix86
assembler ciphers, very, very fast. It has an API feature I'd call
essential that are not part of PEP 272 but is included in your proposal,
that is the ability to change IV after creating a cipher, between uses of
it.
It implements much more than PEP 272, including quite nice public key
crypto (in pure python).
I think that that module is mature enough to roll into the distribution as
it is, or very close to it. The documentation may need expanded a bit.
There's nothing wrong with either your API or PEP 272 so far as I can see.
But there is mature code doing it the PEP 272 way.
> So, the only way to make apps which depend on a C module widely
> deployable is to get the module accepted into the Python library, and
> then wait a long time until most users have a new enough version of
> Python to have gotten the module along with it. I realize this is a
> screwy situation, but it's what we have. I hope it will be eased by
> the introduction of native-code Python compilers that will make fast
> enough code from pure Python libraries that we won't need as many C
> modules. But that's a long way in the future.
I largely agree with this; the app in question needs FIVE C modules, and is
thus a pain to install (psyco is pretty good for performance, but does
nothing for APIs not accessible in python).
Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20030130/1507946f/attachment.sig>
More information about the Python-list
mailing list