[pycrypto] the sad state of pycrypto

zooko zooko at zooko.com
Sun Nov 9 10:58:00 CST 2008


On Nov 9, 2008, at 8:54 AM, Paul Hoffman wrote:

> The idea of dropping support for "weak" algorithms is silly. No  
> developer looks through the list of algorithms in a library and say  
> "I'll pick, um, er, that one" without knowing what it is.

I happen to know a somewhat famous developer who once looked through  
the Crypto++ API and chose DES-XEX without (I think) realizing that  
it was DES-X and not Triple-DES.

But yeah, modelling the developers who use your library -- guessing  
how clueful and careful they will be -- is a black art and is  
probably doomed to failure.

Regards,

Zooko


More information about the pycrypto mailing list