trying to decide which Python crypto library to use

Lorenzo Gil

Dec 10, 2014, 4:12:14 PM
to keyczar...@googlegroups.com
Hi everybody,

We are trying to decide which Python crypto library to use for encryption, and so far our two candidates are Keyczar and Cryptography.io ( https://cryptography.io/ ). Keyczar uses PyCrypto as its backend and Cryptography.io uses OpenSSL by default but can also use PyCrypto with some configuration.

So I have a few questions in order to pick Keyczar over the other.

- How different are the C++/Java/Python subprojects in terms of maintainability? If a security breach is discovered in one of them, would that mean the other two are reviewed again for this breach? I'm trying to see if the Python implementation is a first-class citizen here.
- Why do the C++ implementation and the Python implementation use different C backends (OpenSSL vs PyCrypto)? Isn't that harder to maintain and to keep an eye on?
- Any link or document to see if the high-level recipe Keyczar uses for encryption is better than the Fernet system that cryptography.io uses: https://cryptography.io/en/latest/fernet/ and https://github.com/fernet/spec/blob/master/Spec.md

On one side, cryptography is multi-backend, very well tested and very pythonic. On the other side, it is quite new and that's not good in terms of security. I'd like to hear the opinion of the (Python) Keyczar community in this regard. I'd really appreciate answers to these questions and thoughts.

Thanks

Lorenzo Gil Sanchez