[PYTHON-CRYPTO] PyCrypto Draft: Proposal 2001-02-18
Michael Ströder
michael at STROEDER.COM
Wed Feb 21 09:30:53 CET 2001
Andrew Archibald wrote:
>
> machine = PyCrypto.registry.getInstance("blowfish")(mode=PyCrypto.block.CBC,
> IV=my_iv,
> key="seekrit")
>
> Or, I suppose:
>
> blowfish = PyCrypto.regstry.getInstance("blowfish")
> machine = blowfish(mode=blowfish.CBC, IV=my_iv, key="seekrit")
Actually it's PyCrypto.getInstance(). I will just provide an extra
PyCrypto.getClass() to make everyone happy.
> Questions I have:
> What should be done about algorithms that have no OID yet? Pick a
> random one?
Several options:
- Use unique string names to register (good for testing).
- Use private OID arc for testing (good for testing).
- Use a registered OID arc for assigning authorized OIDs.
> How hard is it to find ASN.1 OIDs for known algorithms?
Peter Gutmann is maintaining a config file for his dumpasn1 tool:
http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg
It's the most complete and clean list I know of.
> In your algorithm categories, is "Ciphers" supposed to cover both
> symmetric and asymmetric algorithms?
Yes. But it's just the base class. Separate derived classes
AsymmetricCipher(Cipher) and SymmetricCipher(Cipher) are defined.
> Is "Hashes" supposed to cover
> both keyed and unkeyed hashes?
Yes. Feel free to give me reasons to separate it. Note: I focused on
the load mechanism.
> If we provide a registerImplementation method, we should also provide
> an unregisterImplementation method --- If I disintall openSSL because
> it has a security hole, all my Python applications shouldn't start
> dying.
I don't know how to do that. If your applications are running and
were using OpenSSL it seems unpossible for me to deinstall OpenSSL
without messing up the applications.
> An alternative would be to scan the directory structure on demand.
This imposes strong rules to the directory layout of implementations
which I'd like to avoid.
Ciao, Michael.
More information about the python-crypto
mailing list