[Cryptography] Question on crypto implementation in existing python libraries

John Denker jsd at av8n.com
Mon Feb 9 03:24:27 EST 2015


On 02/09/2015 12:40 AM, Ralf Senderek wrote:

> It's far better to call
> /usr/bin/gpg from python via popen(), 

That's good advice.  That's what I do.

> because it gives you everything
> you'd probably get wrong if you'd do it yourself, like message
> integrity, strong encryption key, random IV, etc.

Agreed.  The "etc." includes memory locking, facilities
for reading a password from the terminal, and a bunch
of other housekeeping stuff that would be virtually 
impossible to do with any semblance of security in
python ... for reasons having little to do with the
cryptological mathematics.



More information about the cryptography mailing list