Hello World
Chris Angelico
rosuav at gmail.com
Sun Dec 21 19:36:00 EST 2014
On Mon, Dec 22, 2014 at 11:12 AM, Roy Smith <roy at panix.com> wrote:
> In article <mailman.17098.1419207020.18130.python-list at python.org>,
> Chris Angelico <rosuav at gmail.com> wrote:
>
>> On Mon, Dec 22, 2014 at 10:50 AM, Roy Smith <roy at panix.com> wrote:
>> > Heh. I once worked on a C++ project that included its own crypo code
>> > (i.e. custom implementations of things like AES and SHA-1). The person
>> > who wrote some particular bit of the code had decided that deliberately
>> > obfuscating the function and variable names would somehow make it more
>> > secure, so that's what he did.
>> >
>> > The mind boggles. At so many levels.
>>
>> Level 0: Why implement your own crypto?!?
>>
>> ChrisA
>
> That would be one of the levels.
Good, I'm glad you agree on that one. I don't mind reimplementing some
other protocols (couple years ago now I built my own OAuth library
because the provided one was being terrible - no, this wasn't in
Python), especially the simple ones (SMTP or FTP - use a
library/module if available, but otherwise just establish a socket
connection and do whatever you need), and even complex protocols can
occasionally be worth reworking (Pike has its own PostgreSQL client,
rather than using libpq, and it gets some handy improvements in
concurrency), but crypto's one thing that it's *never* worth
rewriting.
ChrisA
More information about the Python-list
mailing list