[Cryptography] Question on crypto implementation in existing python libraries

Ralf Senderek crypto at senderek.ie
Mon Feb 9 02:40:01 EST 2015


On Sun, 8 Feb 2015 19:14:24 Robert Musser wrote:
> Which I'm not too keen on using as the only "recipe" available is for
> symmetric encryption using AES 128 in CBC mode, which, from googling
> a bit seems relatively weak.

That's the problem with googling: AES-128-CBC is *not* relatively weak,
if you use a random IV, don't believe uncle Google.


> Are there any existing crypto libraries that are available with a
> more secure encryption method?

In my opinion it's problematic to "look around for some crypto library"
that lets you call aes() from python directly. It's far better to call
/usr/bin/gpg from python via popen(), because it gives you everything
you'd probably get wrong if you'd do it yourself, like message
integrity, strong encryption key, random IV, etc. And you'll benefit
from the 18 years of code review that went into gpg, which is something
you won't get from anything you stumble upon on the internet.

By the way, do you know where your encryption key comes from, and how
you'd keep it safe?

      --Ralf


More information about the cryptography mailing list