[tahoe-dev] 1.9 update: soon! Need help with PyCrypto-2.4!

Shawn Willden shawn at willden.org
Fri Oct 28 20:01:44 UTC 2011


On Fri, Oct 28, 2011 at 1:02 PM, Zooko O'Whielacronx <zooko at zooko.com>wrote:

> I'm extremely annoyed at the fact that we depend on PyCrypto, which I
> regard as too sloppily-written to be secure


Are there any well-written crypto libraries, in any language?  Having spent
a frightful amount of time trudging through openssl lately as well as a
couple of Java crypto libs (Cryptix and Bouncy Castle) I've begun thinking
that the intersection between the set of people who write non-toy crypto
libraries and the set of people who write tight, clean, well-structured code
may be empty.


> (What does "be cautious" mean, anyway? I guess it means

feel worry in your heart but do it anyway.)
>

LOL! (literally; made my colleagues look over to see what was funny, and
when I shared, they LOL'ed too).

Another possible meaning is "consider this to be opportunistic security that
might help but might not, so don't do anything important with it."  Well,
unless you really have to and then you're back to worry in your heart.

Sorry for the content-free response.  My opinion is that dropping Python 2.4
support is fine, but I don't know much about the world of Python
deployments.

-- 
Shawn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20111028/49aaf3de/attachment.html>


More information about the tahoe-dev mailing list