[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] AES cipher implementation in standard library


Christian,  really appreciated the details. I understood.

Is wrapper library like ssl module with openssl on platform also not good
idea?
My intention is not re-invention but single standard way as standard
library.

If I can read past discussion somewhere, it's also appreciated

Thanks and Regards,
Takahiro Ono




2018?9?5?(?) 1:48 Christian Heimes <christian at python.org>:

> On 2018-09-04 16:37, ???? wrote:
> > Dear all,
> >
> > Have we tried cipher implementation includes AES as a standard library
> > in the past?
> > https://docs.python.org/3.6/library/crypto.html
> >
> > if possible I want to try to implement AES because famous 3rd party
> > library is not maintained and general cipher programs should be used for
> > multiple purpose.Though the implementation is tough,  I believe this
> > should be worth to it.
> > In my case, I want to use AES implementation for zipfile module.
>
> strong -1
>
> The Python standard library doesn't contain any encryption, signing, and
> other cryptographic algorithms for multiple reasons. The only exception
> from the rule are hashing algorithms and HMAC construct. There are legal
> implications like export restrictions. Crypto is just too hard to get
> right and we don't want to give the user additional rope. We already had
> a very lengthy and exhausting discussion for the secrets module. That
> module just provides a user-friendly interface to CPRNG.
>
> By the way, AES by itself is a useless to borderline dangerous
> algorithm. It must be embedded within additional layers like block mode,
> authenticated encryption / MAC, and more. There isn't a single correct
> answer for block mode and AD algorithm, too. It highly depends on the
> problem space. While GCM AEAD mode is good choice for network
> communication, it can be a pretty bad idea for persistent storage.
>
> There is one excellent Python library with high level and low level
> cryptographic algorithms: http://cryptography.readthedocs.io/ . It's t
>
> Regards,
> Christian
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180905/ddbc5c13/attachment.html>