[PYTHON-CRYPTO] aes library

Paul Rubin phr-pycrypt at nightsong.com
Fri Apr 5 05:08:50 CEST 2002 

    [Bram]
    > I thought we weren't going to try to mix modes for a single key, i.e.
    > we'd have:
    >
    >    a = AES.ECB(key)
    >    a.encrypt(str)
    >    a.decrypt(str)

    That's the approach I gave before, I figured I'd float this other
    one as a possibility - I don't have a strong preference either
    way, although if you're going to do both CBC and ECB operations,
    for example, the approach I just gave avoids multiple key setupds.

I strongly prefer separate objects per mode.  Mixing modes probably
leads to security failures.

    >     a.streamout(n)    # same as a.encrypt('\0'*n)

    The above is almost identical to the methods I meant to post for counter
    objects, except that I didn't include a streamout (although I can see it's
    utility, I don't have a strong opinion about it).

I think it's useful, but don't like the name streamout, and wonder if
anyone can suggest an alternative.

    reusing iv's is such a bad idea that I think having set_iv and
    get_iv is inadvisable, since it doesn't have any performance
    benefit when you're not reusing iv's, and encourages very bad
    behavior.

The idea isn't to re-use iv's, but rather, to be able to encrypt a
single message in multiple pieces if for some reason you don't want
to keep the cipher object open between pieces.  Normally you wouldn't
use these.

    I don't like the direction call at all - encryption and decryption
    are two completely different operations, likely not using any
    shared code, and using direction='d' is vastly more obscure than
    calling the constructor of CBC_decrypter.

They'd share code.  A direction flag is how most other systems do it,
and no one has complained.  I don't see any big philosophical difference,
and fewer different constructors makes the implementation simpler,
so I'd rather stay with the direction flag.

    Is it currently possible to implement DSA in pure Python? I'd like
    the minimum base functions put into the standard libs which make
    basic strong crypto possible without resorting to C code.

The math part of DSA is easy to implement in Python, but DSA requires
secure random numbers.  So once again, the CPRNG is the obstacle, not
the algorithm.

Btw, is anyone here good at Windows C programming and have dev tools?

Also, is anyone here on Python-dev?  We should send them an email
asking what kind of module they'd accept.  I propose something along
these lines:

   1) We think the "Cryptographic Services" part of the library should
      include a good encryption algorithm to go along with MD5 and
      SHA.  The rotor module is of questionable security and should be
      deprecated.  So we'd like to submit a module that does
      encryption based on AES, for inclusion in future Python
      releases.

      It would have an easy-to-use interface like the rotor module,
      and also provide an API that allowed more fine-grained control
      of the algorithm (modes of operation, etc.) for users who want
      that.  This module would be written in portable C.

   2) We'd also like to submit a CPRNG module.  Secure random numbers
      are central to many security algorithms and protocols, and
      CPRNG's are included in most current OS instances.  The lack of
      a CPRNG is a serious deficiency in the Python library.

      Unfortunately, it's not possible to write a good CPRNG portably.
      So we'd like to submit a CPRNG module with platform-dependent
      code that calls the OS-provided CPRNG's for Linux/BSD (apparently
      including Mac OS 10) and for Windows.  This should cover most of
      the boxes currently running Python.

      For other platforms we may be able to supply a sort-of-useable
      portable CPRNG that uses thread racing, but it should be used
      only as a fallback measure.  (This is sort of like the portable
      implementation of java.security.secureRandom, and anyway not all
      platforms provide threads).  However, even if we can't support
      all platforms, we still urge shipping a CPRNG for those
      platforms that can support it.

   3) For interoperability with older systems, we'd like to also support
      DES/3DES (DES is the predecessor of AES).  However this is lower
      priority for us than #1 and #2.

   4) We'd like to know the opinion of the Python maintainers about
      this stuff: how big an issue is OS dependence for #3?  Should we
      make separate modules for AES, DES, and CPRNG, or combine them all
      into one?  Is it ok if the AES/DES modules have a number of modes
      and entry points that will interest only advanced users?

More information about the python-crypto mailing list