The State of Crypto in Python Presentation.pdf

《The State of Crypto in Python Presentation.pdf》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、StateofcryptoinPythonAlibrarycreatedbypeoplewhomakepoorlifechoices.HowDidWeGetHereAtRackspaceweworkonanOpenStack,keymanagementproductnamedBarbican.Weneededtousecrypto.Cuethe80sworkingmontageWhatDoWeWantAlgorithmsupportOpenSourceMAINTAINED&TestedPythonSupportTrustWHyc?Allmajorcryptographiclibrariesar

2、ecurrentlyimplementedinalowlevellanguage,mostlyCorC++.Timing/MemoryAttacksReviewedCodeTheseattacksrelatetoexploitingtimingdifferentialsorSeveralClibrarieshavebeensponsoredthroughthereviewsecurelywipingmemory.Theyaredifficultorimpossibletoprocessforprofessionalcryptoreviewincludingvariousremediatewit

3、houtthelowlevelcontrolexposedbyC.compliancesthatsomecustomerscareabout.ExistingCodeFuturepossibilitiesWritinggoodcryptocodeishard.MostexistinglibrarieshaveTherearesomeexcitingoptionsforfutureworkinthecryptoalonghistoryincludingsignificantbug-fixing/research.spacewithlanguageslikeRust/Go.Unfortunatel

4、y,thesearen’tusablefromPythonrightnow.StateofCOSSX-PlatformMaintainedUbiquitousStd.AlgorithmsFIPSOpenSSLNSSNaClBotanCommonCryptoMSCSPLibgcryptLibreSSLStateOfPythonBackendMaintainedPythonSupportReviewedCompletenessm2cryptoopensslrecentlyactivepypywithpatch,nopy3noopensslswigpycryptobespoke*yesnopypyn

5、onoAEAD(withoutalpha)pyopensslopenssl*yesyes(withcrypto)noThinopensslbindingspython-nssNSSlowunknownnoexposessomeofNSSbotanbotanyespy3,maybepypynoexposesmostofbotanMostoftheselibrariesrequire/assumetheuserunderstandshowtousetheunderlyingClibrarycorrectly.cryptographyanewcryptolibraryforPython•Suppor

6、tformodern•SupportforPyPyandalgorithmssuchasAES-Python3GCMandHKDF•Large,activeteam•Improveddebug-abilityand•Encouragesuseofstrong,testabilitysecurealgorithms•Sane,secureAPIdesign•“Cryptographyforhumans”,(wherepossible)APIsGrandioseVision:AcryptographicstandardlibraryforPython.PYCAPythonCryptographic

7、Authority•PyNaCl–PythonbindingsfortheNaCLlibrary•cryptography–Pythonlibrarytoexposecryptographicconstructs•service_identity–Serviceidentity(hostnameverification)forPyOpenSSL.•PyOpenSSL–Pythonbindingsf