On Sun, Apr 4, 2010 at 8:42 PM, Robert Kern <robert.k...@gmail.com> wrote:
> On 2010-04-04 17:44 , geremy condra wrote:
>>
>> On Sun, Apr 4, 2010 at 6:03 PM, Robert Kern<robert.k...@gmail.com> wrote:
>>>
>>> On 2010-04-03 20:21 , Lawrence D'Oliveiro wrote:
>>>>
>>>> In message<4baf3ac4$0$22903$e4fe5...@news.xs4all.nl>, Irmen de Jong
>>>> wrote:
>>>>
>>>>> On 28-3-2010 12:08, Lawrence D'Oliveiro wrote:
>>>>>
>>>>>> Don’t use MD5.
>>>>>
>>>>> Also, md5 is not an encryption algorithm at all, it is a secure hashing
>>>>> function.
>>>>
>>>> You can use hash functions for encryption.
>>>
>>> You can *build* an encryption algorithm out of hash functions as a
>>> primitive, yes. Paul Rubin's p3.py is an example of using SHA-1 to build
>>> an encryption algorithm:
>>>
>>> http://www.nightsong.com/phr/crypto/p3.py
>>>
>>> However, a hash function is not an encryption algorithm itself. One does
>>> not "encrypt with md5" as the OP asked. For crypto-knowledgeable people,
>>> this may just be an issue of terminology (although I think an important
>>> one), but I think it demonstrates the ignorance of the OP and the need
>>> for Irmen's clarification.
>>>
>>> --
>>> Robert Kern
>>
>> I don't mean to disrespect Paul Rubin, but p3.py comes up in every
>> discussion of cryptography in python on this list and, AFAICT, has yet to
>> come under significant cryptanalytic scrutiny. That doesn't make it a bad
>> example in this case, but I would caution the OP that it probably doesn't
>> make it a good candidate for your encryption needs.
>
> For people looking for standardized cryptography, Google works fine to find
> PyCrypto or M2Crypto. p3 comes up so often in this group because people that
> need to ask here are looking for reasonably performant, pure-Python crypto,
> and p3 is the best-of-breed given those constraints (it happens to be
> mentioned here as an example, not a recommendation). Its security derives
> from its use of standardized, well-scrutinized components (and no, the
> recent attacks on SHA-1 do not affect the security properties that p3 relies
> on). It will probably never receive the kind of attention that AES or the
> rest get because it will never be fast enough to even be considered a peer
> of those algorithms.
>
> --
> Robert Kern

I have no comment on why it hasn't received substantial attention; my point
is simply that it hasn't, and that without that scrutiny it probably isn't
wise to depend on its security. There are plenty of tried-and-true
cryptosystems to use; people without an extensive knowledge of what they're
getting into should be encouraged to use them. Apologies if it sounded like
I was claiming more.

Geremy Condra
--
http://mail.python.org/mailman/listinfo/python-list
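
Added example, not part of the original thread and not p3.py's code: the distinction discussed above between hashing (no key, no inverse) and an encryption scheme *built from* a hash primitive, here HMAC-SHA256 in counter mode with an encrypt-then-MAC tag. The function names and the construction are assumptions chosen for illustration; it is an unreviewed sketch of the idea, not a vetted cipher.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def md5_digest(data: bytes) -> bytes:
    # A hash takes no key and has no inverse: nothing here can be "decrypted".
    return hashlib.md5(data).digest()

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for the keystream and for the MAC, both derived from `key`.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Hash primitive in counter mode: block i = HMAC(enc_key, nonce || i).
    blocks = [
        hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Fresh random nonce per message; reusing one would repeat the keystream.
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key: bytes, message: bytes) -> bytes:
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    body, tag = message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    # Verify before decrypting, in constant time.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

if __name__ == "__main__":
    key = os.urandom(32)
    sealed = encrypt(key, b"constructed sample message")
    print(md5_digest(b"hello").hex(), decrypt(key, sealed))
```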