[tahoe-dev] pycryptopp update Re: started on pycryptopp
Jim McCoy
jim.mccoy at gmail.com
Fri Nov 2 13:35:51 PDT 2007
>
> I like C a lot of course, but truthfully I don't trust libtomcrypt's
> quality control. The version of SHA-256 that lives in pycrypto was
> copied from libtomcrypt some years ago, and updated at least once
> since, and there have been not one but two bugs discovered in that
> implementation which cause it to give incorrect hash values in some
> cases.
Actually, it was copied from an old crypto library of Tom's and not
libtomcrypt, but I understand your concern. The only other bug in the
hash I was aware of was one related to using an unsigned long in
certain cases. OTOH, the hashlib that ships with python uses the
libtomcrypt hashes (or at least that is what Greg used as his starting
point and I don't think there was much modification) and there is some
talk of using libtomcrypt for a built-in crypto module for the py3k
distribution.
> So far, I'm enjoying writing hand-rolled Python wrappers around Crypto
> ++. Weird, I know.
Yeah, but you are also betting a lot on your wrappers being correct...
Jim
More information about the tahoe-dev
mailing list