[PYTHON-CRYPTO] aes library

Andrew Archibald aarchiba at YAHOO.COM
Sun Apr 21 03:33:44 CEST 2002


On Sat, Apr 20, 2002 at 02:23:33PM -0700, Paul wrote:

> It also shows why IV should be part of the algorithm processing and
> not a parameter.

It's not very clear to me quite what this means, but I think we should
take as a typical sort of task implementing the TLS or SSH protocols;
for such a task we want a list of good ciphers, hash functions, and
MACs, callable similarly; and in particular we need to be able to
control exactly how padding is done and IVs are computed (the SSH
protocol, for example, gives an algorithm for computing all IVs from
the initial connection secret and the shared secret obtained from it).
So doing the IVs for the poor dumb user is not necessarily a good
idea.

Providing convenience functions, say a way to wrap up a hunk of data
so it's non-malleable and opaque (perhaps by computing the HMAC with
SHA-160, padding in some standard way and then using AES-128 in CBC
mode with a random IV drawn from /dev/urandom) might be a good idea,
although most crypto applications will either (a) be able to use TLS
entire or (b) want to implement a standard (possibly of their own
design), so it's not clear how much of this to automate.

Andrew
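The convenience wrapper sketched above (MAC over the data, standard padding, AES-128 in CBC mode with a random IV) written out as an added example; this is not code from the thread or from any Python AES library, and it uses Go because its standard library supplies every piece offline. It assumes the caller supplies an AES block and a separate 16-byte MAC key (no key derivation is shown), pads with PKCS#7, and applies encrypt-then-MAC so the HMAC-SHA1 tag covers the IV and ciphertext and any modification is rejected before decryption.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"errors"
)

// unpad strips PKCS#7 padding; Open guarantees len(b) >= aes.BlockSize.
func unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// Seal returns IV || AES-CBC(pad(pt)) || HMAC-SHA1(IV || ciphertext).
// macKey is assumed independent of the AES key; nothing here derives it.
func Seal(block cipher.Block, macKey, pt []byte) ([]byte, error) {
	out := make([]byte, aes.BlockSize) // fresh random IV, as /dev/urandom would give
	if _, err := rand.Read(out); err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(pt)%aes.BlockSize // PKCS#7: always add 1..16 bytes
	padded := append(pt[:len(pt):len(pt)], bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, out).CryptBlocks(ct, padded)
	out = append(out, ct...)
	mac := hmac.New(sha1.New, macKey) // encrypt-then-MAC over IV and ciphertext
	mac.Write(out)
	return mac.Sum(out), nil
}

// Open checks the tag in constant time and rejects any change before decrypting.
func Open(block cipher.Block, macKey, sealed []byte) ([]byte, error) {
	if n := len(sealed) - sha1.Size; n < 2*aes.BlockSize || n%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	body, tag := sealed[:len(sealed)-sha1.Size], sealed[len(sealed)-sha1.Size:]
	mac := hmac.New(sha1.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed") // tampered or wrong key
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	return unpad(pt)
}
```

Because the tag is checked first, a flipped ciphertext bit or a wrong MAC key fails in Open without the padding ever being inspected.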