Crypto.Cipher.ARC4, bust or me doing something wrong?

[Paul Rubin]

Michael Sparks <michaels at rd.bbc.co.uk> writes:
> Rather than re-inventing wheels I thought I'd pick a library sit down
> and see how pycrypt's meant to be used before actually going anyway.
> (Amongst other reasons, this is why I suspected me, rather than the
> library :-)

Pycrypt doesn't operate at anything like the level you need.  It just
gives you low level cipher primitives.  You need higher level protocols.

> FWIW, I'm well aware how easy it is to get cipher/digest/etc based
> security/id systems wrong. I'm really starting with pycrypt because it
> looked simple enough, low level enough and self contained enough to
> act as a base for working with existing more complex systems. 

Do yourself a favor and stick to something standard like TLS, rather
than cook up your own protocol.  There are some Python wrappers for
OpenSSL or GNU TLS, for example.

> Anyway, once I've gone through all of the existing digests/ciphers/PK
> ciphers, I'll post the snippets up on our site as raw examples for
> pycrypto, which will hopefully be a) correct usage b) be useful to
> others. 

You really need to know a lot more than it sounds like you know, to
have any chance of getting fancy protocol designs correct.  

 http://www.cs.ucdavis.edu/~rogaway/classes/227/spring05/book/main.pdf

is a textbook that will show you how to do this, or at least give you
an idea of what you're dealing with.  Watch out, it is rather theoretical.