attachment-0001.html\d35d24c3\20130714\attachments\pycrypto\pipermail - delta/python-packages/pycrypto.git

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

<tt>
Hi,&lt;br&gt;&lt;br&gt;Do&nbsp;you&nbsp;guys&nbsp;know&nbsp;roughly&nbsp;when&nbsp;this&nbsp;will&nbsp;go&nbsp;in?&lt;br&gt;&lt;br&gt;Also&nbsp;with&nbsp;import/export&nbsp;RSA&nbsp;keys&nbsp;can&nbsp;we&nbsp;support&nbsp;bcrypt?&lt;br&gt;&lt;br&gt;Does&nbsp;JCA&nbsp;and&nbsp;BouncyCastle&nbsp;use&nbsp;bcrypt,&nbsp;eg:&lt;br&gt;&lt;br&gt;&lt;font&nbsp;color=&quot;#336666&quot;&gt;&#39;BcryptWithHMAC-SHA1AndAES256-CBC&#39;&nbsp;&lt;/font&gt;&lt;br&gt;<br>
&lt;br&gt;Thanks,&lt;br&gt;Kurt&lt;br&gt;&lt;br&gt;&lt;br&gt;On&nbsp;Fri,&nbsp;Jul&nbsp;5,&nbsp;2013&nbsp;at&nbsp;2:52&nbsp;AM,&nbsp;Legrandin&nbsp;&lt;&lt;a&nbsp;href=&quot;mailto:helderijs@gmail.com&quot;&gt;helderijs@gmail.com&lt;/a&gt;&gt;&nbsp;wrote:&lt;br&gt;&gt;&lt;br&gt;&gt;&nbsp;Hi&nbsp;Kurt&nbsp;,&nbsp;thanks&nbsp;a&nbsp;lot&nbsp;for&nbsp;providing&nbsp;feedback.&nbsp;It&nbsp;is&nbsp;much&nbsp;appreciated.&lt;br&gt;<br>
&gt;&lt;br&gt;&gt;&nbsp;*&nbsp;I&nbsp;guess&nbsp;you&nbsp;refer&nbsp;to&nbsp;camel-casing&nbsp;used&nbsp;for&nbsp;several&nbsp;variables,&nbsp;which&lt;br&gt;&gt;&nbsp;was&nbsp;due&nbsp;to&nbsp;my&nbsp;preference&nbsp;to&nbsp;stick&nbsp;to&nbsp;ASN.1&nbsp;naming.&lt;br&gt;&gt;&nbsp; &nbsp;I&nbsp;can&nbsp;work&nbsp;on&nbsp;that&nbsp;and&nbsp;make&nbsp;sure&nbsp;flake8&nbsp;does&nbsp;not&nbsp;complain&nbsp;that&nbsp;much.&lt;br&gt;<br>
&gt;&lt;br&gt;&gt;&nbsp;*&nbsp;Right.&nbsp;Code&nbsp;evolved&nbsp;at&nbsp;different&nbsp;points&nbsp;in&nbsp;time,&nbsp;and&nbsp;indeed&nbsp;it&nbsp;is&lt;br&gt;&gt;&nbsp;now&nbsp;hard&nbsp;to&nbsp;follow&nbsp;the&nbsp;path&nbsp;of&nbsp;the&nbsp;&#39;parameter&#39;&nbsp;value.&nbsp;I&nbsp;will&nbsp;try&nbsp;to&lt;br&gt;&gt;&nbsp;fix&nbsp;that.&lt;br&gt;&gt;&lt;br&gt;&gt;&nbsp;*&nbsp;I&nbsp;used&nbsp;strings&nbsp;like&nbsp;&#39;PBKDF2WithHMAC-SHA1AndAES128-CBC&#39;&nbsp;because&nbsp;that&lt;br&gt;<br>
&gt;&nbsp;is&nbsp;the&nbsp;style&nbsp;used&nbsp;in&nbsp;JCA&nbsp;and&nbsp;BouncyCastle&nbsp;and&nbsp;a&nbsp;lot&nbsp;of&nbsp;people&nbsp;are&lt;br&gt;&gt;&nbsp;familiar&nbsp;with&nbsp;it.&lt;br&gt;&gt;&nbsp; &nbsp;I&nbsp;am&nbsp;not&nbsp;very&nbsp;clear&nbsp;what&nbsp;the&nbsp;benefit&nbsp;enums&nbsp;might&nbsp;bring?&nbsp;One&nbsp;option&nbsp;I&lt;br&gt;&gt;&nbsp;considered&nbsp;was&nbsp;the&nbsp;ability&nbsp;to&nbsp;provide&nbsp;3&nbsp;independent&nbsp;parameters&lt;br&gt;<br>
&gt;&nbsp; &nbsp;instead&nbsp;of&nbsp;one&nbsp;(since&nbsp;protection&nbsp;mainly&nbsp;depends&nbsp;on&nbsp;type&nbsp;of&nbsp;KDF,&nbsp;PRF,&lt;br&gt;&gt;&nbsp;and&nbsp;symmetric&nbsp;cipher)&nbsp;but&nbsp;at&nbsp;the&nbsp;end&nbsp;I&nbsp;guess&nbsp;most&lt;br&gt;&gt;&nbsp; &nbsp;uses&nbsp;case&nbsp;are&nbsp;about&nbsp;the&nbsp;desire&nbsp;to&nbsp;protect&nbsp;the&nbsp;private&nbsp;key&nbsp;using&nbsp;a&lt;br&gt;&gt;&nbsp;password&nbsp;in&nbsp;a&nbsp;strong&nbsp;way,&nbsp;and&nbsp;the&nbsp;ability&nbsp;to&nbsp;tweak&nbsp;the&nbsp;various&lt;br&gt;<br>
&gt;&nbsp;parameters&lt;br&gt;&gt;&nbsp; &nbsp;is&nbsp;not&nbsp;that&nbsp;relevant.&nbsp;Plus,&nbsp;exportKey()&nbsp;parameter&nbsp;list&nbsp;becomes&nbsp;to&nbsp;long.&lt;br&gt;&gt;&lt;br&gt;&gt;&nbsp;*&nbsp;I&nbsp;am&nbsp;really&nbsp;ashamed&nbsp;to&nbsp;admit&nbsp;that&nbsp;I&nbsp;actually&nbsp;have&nbsp;9&nbsp;pull&nbsp;requests&lt;br&gt;&gt;&nbsp;open,&nbsp;not&nbsp;2&nbsp;so&nbsp;I&nbsp;am&nbsp;totally&nbsp;giving&nbsp;headaches&nbsp;to&nbsp;the&nbsp;maintainer.&nbsp;:-)&lt;br&gt;<br>
&gt;&nbsp; &nbsp;It&nbsp;is&nbsp;of&nbsp;course&nbsp;only&nbsp;up&nbsp;to&nbsp;him&nbsp;to&nbsp;decide&nbsp;which&nbsp;features&nbsp;should&nbsp;go&lt;br&gt;&gt;&nbsp;in;&nbsp;given&nbsp;that&nbsp;he&nbsp;has&nbsp;not&nbsp;much&nbsp;time&nbsp;these&nbsp;days,&nbsp;it&nbsp;is&nbsp;likely&nbsp;that&nbsp;only&lt;br&gt;&gt;&nbsp; &nbsp;few&nbsp;features&nbsp;and&nbsp;bugfixes&nbsp;may&nbsp;go&nbsp;into&nbsp;any&nbsp;next&nbsp;release.&lt;br&gt;<br>
&gt;&nbsp; &nbsp;The&nbsp;release&nbsp;merge&nbsp;window&nbsp;seems&nbsp;to&nbsp;roughly&nbsp;be&nbsp;once&nbsp;per&nbsp;year&nbsp;and&nbsp;I&lt;br&gt;&gt;&nbsp;find&nbsp;it&nbsp;is&nbsp;natural&nbsp;to&nbsp;have&nbsp;so&nbsp;many&nbsp;outstanding&nbsp;pull&nbsp;requests&nbsp;by&nbsp;now.&lt;br&gt;&gt;&nbsp; &nbsp;To&nbsp;my&nbsp;defense,&nbsp;I&nbsp;can&nbsp;only&nbsp;say&nbsp;that&nbsp;the&nbsp;all&nbsp;pull&nbsp;requests&nbsp;cover&nbsp;one&lt;br&gt;<br>
&gt;&nbsp;feature&nbsp;only&nbsp;and&nbsp;that&nbsp;I&nbsp;try&nbsp;to&nbsp;keep&nbsp;them&nbsp;as&nbsp;independent&nbsp;as&nbsp;possible.&lt;br&gt;&gt;&nbsp; &nbsp;Most&nbsp;of&nbsp;them&nbsp;apply&nbsp;cleanly&nbsp;to&nbsp;master&nbsp;(e.g.&nbsp;HKDF,&nbsp;CCM,&nbsp;PKCS#8,&nbsp;bug&nbsp;fixes,&nbsp;etc).&lt;br&gt;&gt;&nbsp; &nbsp;In&nbsp;some&nbsp;cases&nbsp;though,&nbsp;they&nbsp;do&nbsp;depend&nbsp;on&nbsp;an&nbsp;existing&nbsp;pull&nbsp;request&nbsp;(as&lt;br&gt;<br>
&gt;&nbsp;in&nbsp;the&nbsp;case&nbsp;of&nbsp;DSA&nbsp;import/export&nbsp;depending&nbsp;on&nbsp;PKCS8&nbsp;be&nbsp;applied&nbsp;first),&lt;br&gt;&gt;&nbsp; &nbsp;because&nbsp;keeping&nbsp;them&nbsp;separated&nbsp;is&nbsp;honestly&nbsp;too&nbsp;much&nbsp;work&nbsp;for&nbsp;me&lt;br&gt;&gt;&nbsp;*and*&nbsp;they&nbsp;are&nbsp;indeed&nbsp;extensions&nbsp;of&nbsp;other&nbsp;extensions.&lt;br&gt;&gt;&lt;br&gt;<br>
&gt;&nbsp;&gt;&nbsp;Hi,&nbsp;I&nbsp;was&nbsp;looking&nbsp;at&nbsp;the&nbsp;pycrypto&nbsp;pull&nbsp;request&lt;br&gt;&gt;&nbsp;&gt;&nbsp;&lt;a&nbsp;href=&quot;https://github.com/dlitz/pycrypto/pull/32&quot;&gt;https://github.com/dlitz/pycrypto/pull/32&lt;/a&gt;.&nbsp; Just&nbsp;a&nbsp;few&nbsp;comments...&lt;br&gt;&gt;&nbsp;&gt;&lt;br&gt;&gt;&nbsp;&gt;&nbsp;*&nbsp;For&nbsp;readability&nbsp;can&nbsp;you&nbsp;pep8&nbsp;format&nbsp;the&nbsp;code?&lt;br&gt;<br>
&gt;&nbsp;&gt;&nbsp;*&nbsp;RSA,&nbsp;for&nbsp;import/export&nbsp;the&nbsp;protection&nbsp;parameter&nbsp;maybe&nbsp;rename&nbsp;to&nbsp;algo&nbsp;or&lt;br&gt;&gt;&nbsp;&gt;&nbsp;wrap&nbsp;algo?&nbsp; It&nbsp;evolves&nbsp;from:&nbsp;&#39;protection&#39;&nbsp;to&nbsp;&#39;wrap_algo&#39;&nbsp;to&nbsp;&#39;mode&#39;&nbsp;as&nbsp;it&lt;br&gt;&gt;&nbsp;&gt;&nbsp;goes&nbsp;down&nbsp;the&nbsp;call&nbsp;stack.&lt;br&gt;<br>
&gt;&nbsp;&gt;&nbsp;*&nbsp;Also&nbsp;maybe&nbsp;make&nbsp;this&nbsp;parameter&nbsp;an&nbsp;enum/value?&nbsp; Since&nbsp;the&nbsp;long&nbsp;string&nbsp;can&lt;br&gt;&gt;&nbsp;&gt;&nbsp;be&nbsp;error&nbsp;prone,&nbsp;low&nbsp;level&nbsp;code&nbsp;would&nbsp;need&nbsp;to&nbsp;change&nbsp;anyway&nbsp;if&nbsp;it&nbsp;were&nbsp;either&lt;br&gt;&gt;&nbsp;&gt;&nbsp;string&nbsp;or&nbsp;int&nbsp;if&nbsp;we&nbsp;support&nbsp;more&nbsp;modes.&lt;br&gt;<br>
&gt;&nbsp;&gt;&nbsp;*&nbsp;And&nbsp;last&nbsp;but&nbsp;not&nbsp;least...&nbsp;I&#39;m&nbsp;new&nbsp;to&nbsp;this&nbsp;email&nbsp;list&nbsp;and&nbsp;not&nbsp;sure&nbsp;how&lt;br&gt;&gt;&nbsp;&gt;&nbsp;often&nbsp;pull&nbsp;requests&nbsp;are&nbsp;accepted&nbsp;but&nbsp;maybe&nbsp;you&nbsp;could&nbsp;reduce&nbsp;the&nbsp;amount&nbsp;of&lt;br&gt;&gt;&nbsp;&gt;&nbsp;features&nbsp;going&nbsp;in?&nbsp; I&nbsp;know&nbsp;you&nbsp;have&nbsp;another&nbsp;one,&nbsp;51,&nbsp;after&nbsp;this...&lt;br&gt;<br>
&gt;&nbsp;&gt;&nbsp;Maintainer&nbsp;may&nbsp;reluctant&nbsp;to&nbsp;do&nbsp;massive&nbsp;changes&nbsp;all&nbsp;at&nbsp;once?&lt;br&gt;&gt;&nbsp;&gt;&lt;br&gt;&gt;&nbsp;&gt;&nbsp;Anyway&nbsp;just&nbsp;ideas...&lt;br&gt;&gt;&nbsp;&gt;&nbsp;Thanks&nbsp;for&nbsp;your&nbsp;time,&lt;br&gt;&gt;&nbsp;&gt;&nbsp;Sincerely,&lt;br&gt;&gt;&nbsp;&gt;&nbsp;Kurt&lt;br&gt;&gt;&nbsp;&gt;&lt;br&gt;&gt;&nbsp;_______________________________________________&lt;br&gt;<br>
&gt;&nbsp;pycrypto&nbsp;mailing&nbsp;list&lt;br&gt;&gt;&nbsp;&lt;a&nbsp;href=&quot;mailto:pycrypto@lists.dlitz.net&quot;&gt;pycrypto@lists.dlitz.net&lt;/a&gt;&lt;br&gt;&gt;&nbsp;&lt;a&nbsp;href=&quot;http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto&quot;&gt;http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto&lt;/a&gt;&lt;br&gt;<br>
&lt;br&gt;<br>

</tt>