[pycrypto] Library design philosophy

Mads Kiilerich mads at kiilerich.com
Sun Apr 12 14:57:31 CST 2009

Legrandin wrote, On 04/12/2009 04:36 PM
> I think that pycrypto is a great project, but the dependency
> on the C files to carry out the core operation in a way defeats
> the purpose of the library (i.e. being scriptable and platform
> independent).
> Of course performance is important, but if I really need to be fast
> my first choice is to use some wrapper to openssl or libtomcrypt
> (e.g m2crypto). On the other hand, the most value I find in pycrypto
> is it being (also) a command-line crypto workbench.
> What's your view on this? I appreciate that for some algorithms
> both versions can be used (C vs python), but for instance there is no way
> to use AES w/o having to go through the compilation step. To me, it's
> should be the other way around, first Python code, then C routines.

Well ... you can have your opinion if I (a random user) can have mine ;-)

Pycrypto does not claim to be a pure-python crypto library. If you 
expect it to be that then it probably won't meet your expectations.

Pycrypto _is_ cross-platform, and written in a combination of platform 
independent C and python, just like Python is. (FWIW, pycrypto _is_ 
partly a "libtomcrypt wrapper", see 
http://www.dlitz.net/software/pycrypto/doc/#credits.) Pycrypto _is_ 
fast. Perhaps not as fast as other optimized libraries are, but it can 
be used where performance is important.

Some advantages of pycrypto are that it is small, has a simple pythonic 
API, and don't have any external dependencies. It is not a incomplete 
wrapper of a huge and complex API (such as the openssl API).

Pure python implementations _could_ be added, but they would probably 
not really be usable. Users getting this slow fallback would probably be 
annoyed or complain about the performance instead of fixing the problem 
by installing the right compiled version. It would also double the cost 
of maintenance of the library. But a pure python implementation would be 
convenient for verification of correctness and for documentation purposes.

(Note: I don't understand your comments about being scriptable and a 
command-line crypto workbench. That seems to be features related to 
using Python, independent of which crypto library you use.)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3435 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.dlitz.net/pipermail/pycrypto/attachments/20090412/39e4e817/attachment.bin 

More information about the pycrypto mailing list