rotor alternative?

[Paul Rubin]

"A.M. Kuchling" <amk at amk.ca> writes:
> http://mail.python.org/pipermail/python-dev/2003-April/034957.html . I
> originally deprecated rotor with the goal of getting an AES module into 2.3.
> The objection was then raised that having crypto produces legal hassles in
> various countries, so the idea of an AES module was shot down but rotor was
> deprecated anyway as one step to removing it.  

This is unfortunate, especially since it's so simple to implement
strong cryptography with the already-existing modules like SHA.

Maybe there needs to be a crypto and a non-crypto distribution.
That's what was done for both Netscape and MSIE for years, under the
old US export restrictions.  For Python nowadays, it will be easier,
since the problem isn't exporting from Python's central distribution
point, but rather with importing into certain repressive regimes.  So
it's not required for the distribution point (as long as it's in a
free country) to try to enforce any restrictions on downloading
cryptography, as Netscape and Microsoft formerly had to do.  It can
just provide two links (crypto and non-crypto) and let the user
download whatever they want.

I also continue to urge inclusion of a secure random number generator
in the Python library, per the technical discussions we've already
had about how to do that.  I don't think that would count as cryptography.