[Python-ideas] adding digital signature and encryption "hashes" to hashlib?
Bill Janssen
janssen at parc.com
Mon Sep 21 17:43:49 CEST 2009
CTO <debatem1 at gmail.com> wrote:
> > I know it seems that way at first glance, but in fact they are strongly
> > related. There's a reason all three (and nothing else) are exported
> > through OpenSSL's EVP API.
> >
> > Bill
>
> Don't get me wrong, I like the basic idea you're advancing, and in
> use hashes and crypto are frequently seen together,
Yes, that's the relationship I was thinking of. But from a broader
philosophical view, a ciphertext can be thought of as a hash of a
plaintext, too. A reversible hash.
> IMO, adding public key crypto routines to hashlib seems almost
> guaranteed to increase that confusion.
Well, that could be. Perhaps the packaging "insight" I had wasn't
inspired :-). I was thinking that from the crypto-ignorant point of
view, they seem quite similar. A SHA256 hash can be seen as a digital
"signature" (or I've heard it called a "fingerprint") of a sequence of
bytes, just as with a public-key signature. Sure, what's going on is
different, but from a utility point of view, it's much the same. This
is why people post md5 checksums of downloadable packages -- it's a
signature.
Bill
More information about the Python-ideas
mailing list