[PYTHON-CRYPTO] PEP 272
Bram Cohen
bram at GAWTH.COM
Sat Mar 23 08:15:19 CET 2002
Paul Rubin wrote:
> I begin to wonder if this PEP is useful at all. It basically
> specifies a fairly low level interface to a symmetric. I just don't
> see the need to swap block ciphers in and out of applications.
I agree that it makes much more sense to just create an aes module, the
discussion of what its API should be still applies though.
> >Add incremental encryption versions of all modes where it's applicable
>
> This doesn't seem really appropriate for a low level interface.
> Rather, the low level interface should ensure that incremental
> interface can be provided by a class that calls generic cipher
> objects, and then include an implementation of such a class in our
> module.
That would be a good design, if done right, I'm not sure how the
lower-level stuff would work though, and it should definitely be nicely
wrapped in normal modes for people to call from their programs.
> I think the incremental encryption interface should look similar to
> the current interface for hash functions, e.g.:
>
> e = encrypter.new(cipher)
> for plaintext in getplaintext():
>     ciphertext = e.update(plaintext)
>     output_stream.write(ciphertext)
> output_stream.write(e.final())
That's what I was thinking as well.
> >Add support for multiple padding modes for CBC and others to which it
> >might be applicable
>
> Don't add multiple padding modes for CBC without a good reason.
> Just pick a mode and specify it.
One could just support exact size roundoffs and make people do their own
padding with another call or two to ECB.
> >Get rid of cross-mode API unification. This produces some awful
> >kludges and I've never heard of anyone actually swapping out one
> >mode for another. They're just too different.
>
> I'm not sure what this refers to.
Oh, a few things, like how counter mode should really take an integer to
specify its start value instead of a string, and how CBC might not accept
arbitrary byte boundaries - minor things, but getting all the modes to
look *exactly* the same takes a lot of uncomfortable shoehorning.
-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
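
Added example, not part of the original message or of any PEP 272 implementation: a hash-style update()/final() CBC encrypter layered on a generic block cipher object, as the thread sketches, with one fixed padding scheme (PKCS#7, chosen here as an assumption). ToyCipher is a hypothetical stand-in so the code runs with only the standard library; CBCEncrypter and encrypt_chunks are likewise names invented for this example.

```python
import hashlib

BLOCK = 16  # block size in bytes (same as AES)

class ToyCipher:
    """Hypothetical stand-in block cipher (4-round Feistel over SHA-256).
    Only here so the example runs without an AES module; not a real cipher."""
    block_size = BLOCK
    def __init__(self, key):
        self.key = key
    def encrypt(self, block):
        l, r = block[:8], block[8:]
        for rnd in range(4):
            f = hashlib.sha256(self.key + bytes([rnd]) + r).digest()[:8]
            l, r = r, bytes(a ^ b for a, b in zip(l, f))
        return l + r

class CBCEncrypter:
    """Incremental CBC: update() emits only whole blocks, final() pads."""
    def __init__(self, cipher, iv):
        if len(iv) != cipher.block_size:
            raise ValueError("IV must be exactly one block long")
        self.cipher, self.prev, self.buf, self.done = cipher, iv, b"", False
    def _blocks(self, data):
        out = b""
        for i in range(0, len(data), BLOCK):
            x = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], self.prev))
            self.prev = self.cipher.encrypt(x)  # chaining value for next block
            out += self.prev
        return out
    def update(self, plaintext):
        if self.done:
            raise ValueError("final() already called")
        self.buf += plaintext
        n = len(self.buf) - len(self.buf) % BLOCK  # bytes forming whole blocks
        ready, self.buf = self.buf[:n], self.buf[n:]
        return self._blocks(ready)
    def final(self):
        self.done = True
        pad = BLOCK - len(self.buf)  # PKCS#7: always 1..16 bytes of padding
        return self._blocks(self.buf + bytes([pad]) * pad)

def encrypt_chunks(cipher, iv, chunks):
    """Feed chunks of arbitrary size through update(), then call final()."""
    e = CBCEncrypter(cipher, iv)
    return b"".join([e.update(c) for c in chunks]) + e.final()
```

The caller may split the plaintext at any byte boundary; only final() sees a partial block, so the underlying cipher object never has to handle one.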