Hi there,

I was contacted by Philippe Teuwen about whether we'd like to include 
PyCryptoPlus in Sage:

> PyCryptoPlus is a cryptographic module similar to PyCrypto, with which
> it shares the API. But PyCryptoPlus is written 100% in Python, so its
> primary interest is educational and scientific; if you want real speed,
> you're better off checking out PyCrypto. It was not completely written from
> scratch, but integrates other cipher codes when available in Python and
> under appropriate licenses. It contains, among other things: Block
> cipher algorithms (Serpent, Blowfish, Twofish, DES, 3DES, AES, Rijndael,
> and PRESENT); modes of operation (CMAC, ECB, CBC, CTR, and XTS);
> paddings (bit padding, zeros, PKCS7, PKCS12, ISO 10126, and ANSI X.923);
> and one-way functions (MD5, SHA1/SHA2, Whirlpool, RipeMD, RadioGatun,
> HMAC, and PBKDF2)

Minh raised a license issue, but Philippe responded:

> We released the code under MIT license simply because it's less
> restrictive than GPL and you can include MIT code into GPL code, not the
> way around.
> But anyway we can deliver it to the Sage community under a GPL license
> if needed (but it's only about the interface, each cipher has usually
> its own free software license as most are not ours).
> About your second remark, yes indeed PyCryptoPlus is a pure Python
> package and doesn't rely on any Sage specificities.
> I think as the cipher internals can be accessed, nr of rounds of some of
> the ciphers can be reduced but you've to check it case by case as it's
> not an interface parameter (& wasn't in PyCrypto interface).
> 
> So all in all I see several possibilities (non mutually exclusive):
> - We set a dual-license for you so you can use it as GPLv2+, no prob
> - Interface itself could be useful in Sage to add all paddings &
> chaining modes to PyCrypto if PyCrypto is already in Sage
> - Hashes & ciphers which are not from us could be bundled in an optional
> package if it's not too much effort (I think only PRESENT was done by
> us, can be in Sage if you find it easy to run reduced rounds or in the
> same optional bundle) or left to the user to find them on the web...
> - I could also imagine that the test vectors can be useful on their own
> but they were collected from here & there, nothing new.
> 
> In short, if there is any part of the code you or Minh Nguyen think
> could be of general interest for the Sage community, go!
> License & granularity of what you want to reuse shouldn't become a barrier.

So it seems this issue could be resolved easily. I'm not 100% sure that 
PyCryptoPlus is a good fit for Sage, because the ciphers included are:

> a) they are too big (block sizes, number of rounds) to attack them in an 
> education context
>
> b) they are too slow (pure Python) to use them in an experimental 
> verification of a real attack (as far as I can see the number of rounds
> cannot be reduced?)
>
> c) they don't implement anything algebraic such as an equation system 
> generator for which Sage functionality would be beneficial.
>
> It seems to me this package is very well off as a standard Python package.

Minh's take on the same issue is:

> I envision PyCrypto as a means for someone to see how the full version
> of a cipher works. You can study the small-scale version all you want.
> But to get a real feel for how the full version works, see it in
> action. And I think PyCrypto has the potential to offer this. Of
> course, this is setting aside considerations such as: efficiency of
> implementation, effective attack techniques, etc. As a tool for
> cryptography education, I find PyCrypto is adequate, although lacking
> in functionalities like cryptanalysis.

I don't agree with the statement that one can learn how a cipher works by 
seeing the full version in action; if the cipher is any good, the output 
doesn't tell anything about its relation to the inputs. Maybe I just 
misunderstood. In any case, this shouldn't be decided in private communication 
but openly on [sage-devel].

So, what do people think? Anybody interested in this? I assume an optional 
package can easily be made available since PyCryptoPlus is pure Python.

Cheers,
Martin

-- 
name: Martin Albrecht
_pgp: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8EF0DC99
_otr: 47F43D1A 5D68C36F 468BAEBA 640E8856 D7951CCF
_www: http://www.informatik.uni-bremen.de/~malb
_jab: martinralbre...@jabber.ccc.de
