[PYTHON-CRYPTO] aes library

Bryan Mongeau bryan at EEVOLVED.COM
Thu Apr 4 18:53:36 CEST 2002


[ Perhaps the Reply-To headers of this list ought to direct replies to the
list rather than the sender? ]


On Thursday 04 April 2002 04:31 am, you wrote:
> I'm fairly optimistic about getting an AES-based encryption module
> accepted, since they already have that silly rotor module.  I worry
> more about getting a platform-dependent CPRNG accepted, and we need both.

What about platform-independent CPRNGs we could implement in pure Python?
Like high-resolution timers and thread races that get their entropy from
system load?

> Fair enough.  If you're ok with it being the basis of a more general
> purpose AES module, I guess we can start hacking it.

Great. Do you think CVS would be needed? Who will be collaborating?

> Do you think that implementation is better (faster?) than a
> straightforward implementation in Python using Python long ints or
> gmpy, in characteristic p, maybe with projective coordinates?

To be honest with you Paul, I couldn't tell you if a pure python
implementation would be faster or not. I can guess that a GF2^N polynomial
basis implementation in python would be slower and an ONB or GF(p)
implementation might be faster, depending mostly on the speed of python's
long int code. When I started this Cryptkit thing a year ago, I really didn't
have the time, nor the mathematics needed to implement in pure python,
although I have thought about it.  However, now it seems like an interesting
course of action, especially with projective coordinates :-)

> I just looked at the cryptsock.py code and immediately notice:
>
>   1) it uses cPickle to deserialize messages, which has a security
>      hole (see current pickle docs) if the peer is hostile.

Yes, this is a problem I am aware of. There are other problems as well if you
keep looking :-)

>   2) It appears to do an ECC signature on every message--why do that,
>      if there's a shared secret key for the session?  Just put a
>      checksum underneath the secret-key encryption.

Very good point, thank you Paul.

Looking forward to working out an AES API...
--
Bryan Mongeau
http://eevolved.com/bryan
--
"The only thing that interferes with my learning is my education."-- Einstein

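The two points raised above about cryptsock.py (deserializing peer data with cPickle, and signing every message with ECC when a session secret already exists), sketched as an added Python example that is not code from cryptsock or Cryptkit: each message is framed as JSON, so the receiver never reconstructs arbitrary objects, and is authenticated with an HMAC under the shared session key with a sequence number against replay. The encryption layer the checksum would sit under is left out; the frame layout, function names and the sample key are assumptions.

```python
import hashlib
import hmac
import json
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def encode_message(session_key: bytes, seq: int, payload: dict) -> bytes:
    """Frame = 4-byte big-endian body length | JSON body | HMAC-SHA256(session_key, body)."""
    body = json.dumps({"seq": seq, "payload": payload},
                      separators=(",", ":"), sort_keys=True).encode("utf-8")
    tag = hmac.new(session_key, body, hashlib.sha256).digest()
    return struct.pack(">I", len(body)) + body + tag


def decode_message(session_key: bytes, expected_seq: int, frame: bytes) -> dict:
    """Verify the tag before parsing anything; reject replays via the sequence number."""
    if len(frame) < 4 + TAG_LEN:
        raise ValueError("frame too short")
    (length,) = struct.unpack(">I", frame[:4])
    if len(frame) != 4 + length + TAG_LEN:
        raise ValueError("length field does not match frame size")
    body, tag = frame[4:4 + length], frame[4 + length:]
    expected = hmac.new(session_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("authentication tag mismatch")
    # json.loads only builds dicts, lists, strings, numbers, bools and None,
    # so a hostile peer cannot make the receiver construct arbitrary objects.
    msg = json.loads(body.decode("utf-8"))
    if not isinstance(msg, dict) or msg.get("seq") != expected_seq:
        raise ValueError("unexpected sequence number (replay or reordering)")
    return msg["payload"]


def is_rejected(session_key: bytes, expected_seq: int, frame: bytes) -> bool:
    """True if decode_message refuses the frame (JSON and unicode errors are ValueErrors)."""
    try:
        decode_message(session_key, expected_seq, frame)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = bytes(range(32))  # constructed session key, not for real use
    frame = encode_message(key, 0, {"cmd": "ping"})
    print(decode_message(key, 0, frame))
    tampered = bytearray(frame)
    tampered[6] ^= 0x01  # flip one byte of the body: the tag no longer verifies
    print(is_rejected(key, 0, bytes(tampered)))
```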