rotor replacement
Nick Craig-Wood
nick at craig-wood.com
Wed Jan 19 05:30:02 EST 2005
Robin Becker <robin at SPAMREMOVEjessikat.fsnet.co.uk> wrote:
> Paul Rubin wrote:
> > "Reed L. O'Brien" <reed at intersiege.com> writes:
> >
> >>I see rotor was removed for 2.4 and the docs say use an AES module
> >>provided separately... Is there a standard module that works alike or
> >>an AES module that works alike but with better encryption?
> >
> >
> > If you mean a module in the distribution, the answer is no, for
> > political reasons.
> >
> .....I'm also missing the rotor module and regret that something useful
> was warned about and now removed with no plugin replacement.
>
> I had understood that this was because rotor was insecure, but you
> mention politics. Are other useful modules to suffer from politics?
>
> What exactly are/were the political reasons for rotor removal?
Presumably he is talking about crypo-export rules. In the past strong
cryptography has been treated as munitions, and as such exporting it
(especially from the USA) could have got you into very serious
trouble.
However I believe those restrictions have been lifted (the cat having
been let out of the bag somewhat ;-), and its easy to do this for open
source encryption software. A wade through
http://www.bxa.doc.gov/Encryption/enc.htm
Might be interesting.
A case in point: the linux 2.6 kernel is chock full of crypo and comes
with implementations of AES, ARC4, Blowfish, Cast5+6, DES, Serpent,
Twofish, TEA, etc. The linux kernel+source surely goes everywhere
python does so I don't think adding strong crypto modules to python is
a problem now-a-days.
AES in the core python library would be very useful and it would
discourage people from writing their own crypto routines (looks easy
but isn't!)
--
Nick Craig-Wood <nick at craig-wood.com> -- http://www.craig-wood.com/nick
More information about the Python-list
mailing list