[Python-ideas] adding digital signature and encryption "hashes" to hashlib?

geremy condra debatem1 at gmail.com
Sat Sep 26 04:16:25 CEST 2009


On Fri, Sep 25, 2009 at 9:49 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:

> CTO wrote:
> > EVP covers hashing, signatures, and encryption/decryption. If we're going
> > to go for a longer name, maybe "cryptography" would be more appropriate?
>
> Something to keep in mind while working on this is your threat model for
> the library. If you aren't going to do anything to guard against
> side-channel attacks (which are rather hard to avoid in a cross platform
> algorithm on a general purpose PC) or against attacks which grab
> unencrypted messages and keys from released-but-not-overwritten computer
> memory or (worse) the swap file, then this should be mentioned in the
> documentation.
>
> That way application developers that are looking for that extra level of
> security will know they need to look elsewhere.
>
> Regards,
> Nick.
>

I can make a note of it, although I'm unsure what concrete steps I could
take to prevent such attacks from succeeding. Any ideas?

Geremy Condra
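
An added example, not part of the original message or of any proposed library code: a best-effort Python sketch of two mitigations for the threats named in the quoted text, a constant-time tag comparison for the timing side channel and overwriting key material held in a mutable buffer. The names `wiped_key`, `make_tag`, `verify_tag` and `demo` are hypothetical, and the key and message are constructed sample values.

```python
import hashlib
import hmac
from contextlib import contextmanager


@contextmanager
def wiped_key(key_bytes):
    """Hold key material in a mutable buffer and overwrite it on exit.

    Best effort only: the immutable `key_bytes` argument and any copies
    made inside hmac/hashlib are not wiped, and nothing here keeps the
    page out of the swap file. That needs OS support such as mlock().
    """
    buf = bytearray(key_bytes)
    try:
        yield buf
    finally:
        for i in range(len(buf)):
            buf[i] = 0  # overwrite in place before the buffer is released


def make_tag(key, message):
    """HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key, message, tag):
    """Check a tag without leaking where the first mismatching byte is."""
    expected = make_tag(key, message)
    # A plain `expected == tag` can return early on the first difference;
    # compare_digest is designed to avoid that timing signal.
    return hmac.compare_digest(expected, tag)


def demo():
    # Constructed sample key and message, for illustration only.
    with wiped_key(b"constructed-demo-key-0123456789") as key:
        msg = b"constructed message"
        tag = make_tag(key, msg)
        ok = verify_tag(key, msg, tag)
        forged = bytes([tag[0] ^ 1]) + tag[1:]  # flip one bit of the tag
        bad = verify_tag(key, msg, forged)
        held = key  # keep a reference to inspect the buffer after exit
    return ok, bad, bytes(held)


if __name__ == "__main__":
    print(demo())
```

The wipe covers only the one buffer the caller controls, which is why the quoted advice to document the limits of the threat model still applies.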