[PYTHON-CRYPTO] PEP-272 Deficiencies - Comments

Paul Paul at CRYPTORIGHTS.ORG
Sun Dec 16 21:15:51 CET 2001 

At 3:54 PM -0700 12/15/01, Jason R. Mastaler wrote:
>phr-pycrypt at nightsong.com writes:
>
>>  Is a draft copy of PEP 272 actually available somewhere?
>
>http://python.sourceforge.net/peps/pep-0272.html

This api has several problems:

1) I agree with Janusz A. Urbanowicz's earlier note that symmetric
encryption should be a class.  The initialization can give it the
key.  Note that it may later need to be reinitialized, so a
      set_key(key)  method should also be available and the initialization
                    should be optional (but raise an exception on use when no
                    key is available)


2) The modes of operation should not be parameters. The modes create
new algorithms types.  It's easy to spin out new mode algorithms with
a mode "wrapper" class.

3) A class based implementation of an encryption algorithm should be
able to handle large strings or files that may not all be in a single
variable. Please consider the example of encrypting large
multi-gigabyte files. So there are a couple of possible approaches:
a) you need two or three methods for encryption
     to indicate when you have full data versus partial
b) use you a parameter in encrypt to indicate if more data might be coming

    For example:
      ct = aes.encrypt('abcdefghijklmnop')
    versus
      ct = aes.encrypt_partial('abc')
      ct = ct + aes.encrypt('defghijklmnop')

I've written all my algorithms for option "b" above, but the example
and option "a" look like they read a little better.

Note that above implementation requires that the algorithm class
store non-byte aligned data between encryption steps.  It also means
that algorithm classes have a common perception of "state".
Algorithm states might be:
"unkeyed"   - class existing, but key not set or not valid
"ready"     - good key no data has been processed
"midstream" - some data encrypted, more possible
               must store alg state and excess non-aligned bytes.
               When the final a bit of data is processed this
               state goes back to "ready" and all local stuff
               (alg state, key tables) should be reset
All of the above could be made easy for an api by creating a SymmetricCipher
Class that all specific algorithms are derived from.

4) IV should not be a parameter, but should be built into the
algorithms that require IVs.  If you ever get around to using
hardware based cryptography it is very important to have the IV
generated by the hardware.  This also ensures that a "good" IV
generation method is built into the base algorithms. This also
implies that

5) Naming conventions should be provided to allow for block oriented
algorithms to automatically provide padding.  This is a big hole in
current algorithm standards work.  In a year or so NIST may catch up.
Similar to the way a mode (like CBC) augments a base cipher, a
padding mode defines how a block aligned transformation can be
extended to be byte aligned.



Paul A. Lambert



--

More information about the python-crypto mailing list