[Python-Dev] Cryptographic stuff for 2.3

[Guido van Rossum]

> A while ago Paul Rubin proposed adding a Rijndael/AES module to 2.3.
> (AES = Advanced Encryption Standard, a block cipher that's likely to
> be around for a long time).  Rubin wanted to come up with a nice
> interface for the module, and has posted some notes toward it.  I have
> an existing implementation that's 2212 lines of code; I like the
> interface, but opinions may vary. :)
> 
> Do we want to do anything about this for 2.3?  A benefit is that AES
> is useful, and likely to remain so for the next 20 years; a drawback
> is that it might entangle the PSF in export-control legalities.  I
> vaguely recall the PSF getting some legal advice on this point; am I
> misremembering?  What was the outcome?

I don't recall; I think Jeremy knows most about these issues.
Personally, I expect that even if we could get certification, it would
be much easier if there was no encryption code at all in Python, and
if people had to get it from a 3rd party site.

> If AES gets added, rotor can be deprecated to encourage people to use
> something better; patch is at <URL:http://www.python.org/sf/679505>.

Rotor should be deprecated regardless; I've never heard of someone
using it.

--Guido van Rossum (home page: http://www.python.org/~guido/)