Showing content from http://mail.python.org/pipermail/python-dev/attachments/20180905/173d3887/attachment.html below:
<div dir="ltr">Sorry, allow me to ask one more thing.<div>If I want to use AES in zipfile module, what the good way to implement?</div><div><br></div><div>Thanks and Regards,</div><div>-----------------</div><div>Takahiro Ono</div></div><br><div class="gmail_quote"><div dir="ltr">2018å¹´9æ5æ¥(æ°´) 23:01 大ééå¼ <<a href="mailto:oono0114@gmail.com">oono0114@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Christian,Â
really appreciated the details. I understood.<div><br><div>Is wrapper library like ssl module with openssl on platform also not good idea?</div><div>My intention is not re-invention but single standard way as standard library.</div><div><br><div>If I can read past discussion somewhere, it's also appreciated</div><div><br></div><div>Thanks and Regards,</div><div>Takahiro Ono</div><div><br></div><div><br><div><div><br></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">2018å¹´9æ5æ¥(æ°´) 1:48 Christian Heimes <<a href="mailto:christian@python.org" target="_blank">christian@python.org</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 2018-09-04 16:37, 大ééå¼ wrote:<br>
> Dear all,<br>
> <br>
> Have we tried cipher implementation includes AES as a standard library<br>
> in the past?<br>
> <a href="https://docs.python.org/3.6/library/crypto.html" rel="noreferrer" target="_blank">https://docs.python.org/3.6/library/crypto.html</a><br>
> <br>
> if possible I want to try to implement AES because famous 3rd party<br>
> library is not maintained and general cipher programs should be used for<br>
> multiple purpose.Though the implementation is tough, I believe this<br>
> should be worth to it.<br>
> In my case, I want to use AES implementation for zipfile module.<br>
<br>
strong -1<br>
<br>
The Python standard library doesn't contain any encryption, signing, and<br>
other cryptographic algorithms for multiple reasons. The only exception<br>
from the rule are hashing algorithms and HMAC construct. There are legal<br>
implications like export restrictions. Crypto is just too hard to get<br>
right and we don't want to give the user additional rope. We already had<br>
a very lengthy and exhausting discussion for the secrets module. That<br>
module just provides a user-friendly interface to CPRNG.<br>
<br>
By the way, AES by itself is a useless to borderline dangerous<br>
algorithm. It must be embedded within additional layers like block mode,<br>
authenticated encryption / MAC, and more. There isn't a single correct<br>
answer for block mode and AD algorithm, too. It highly depends on the<br>
problem space. While GCM AEAD mode is good choice for network<br>
communication, it can be a pretty bad idea for persistent storage.<br>
<br>
There is one excellent Python library with high level and low level<br>
cryptographic algorithms: <a href="http://cryptography.readthedocs.io/" rel="noreferrer" target="_blank">http://cryptography.readthedocs.io/</a> . It's t<br>
<br>
Regards,<br>
Christian<br>
</blockquote></div>
</blockquote></div>
RetroSearch is an open source project built by @garambo
| Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4