[pycrypto] Library design philosophy

Legrandin gooksankoo at hoiptorrow.mailexpire.com
Mon Apr 13 06:54:42 CST 2009

> Well ... you can have your opinion if I (a random user) can have mine ;-)

I was just throwing my stone into the water... :-)

> Pycrypto does not claim to be a pure-python crypto library. If you  
> expect it to be that then it probably won't meet your expectations.
> Pycrypto _is_ cross-platform, and written in a combination of platform  
> independent C and python, just like Python is.

My claim goes exactly over the fact that platforms where no suitable
compiler is present or accessible are not supported. Moreover platform
independent C really does not exist (see my previous message).

I don't have real expectations, it is (was) just unclear to me what
the purpose of the library is, and why one would use it. The feeling
I have is that it tries to be used in two camps, without being really
good in either.

> (FWIW, pycrypto _is_  
> partly a "libtomcrypt wrapper", see  
> http://www.dlitz.net/software/pycrypto/doc/#credits.) Pycrypto _is_  
> fast. Perhaps not as fast as other optimized libraries are, but it can  
> be used where performance is important.

Borrowing SHA256 from libtomcrypt does not make it a wrapper to it, first
because it goes only over SHA256, and second future improvements and bugfixes
in libtomcrypt will probably never end up in this local version.

> Some advantages of pycrypto are that it is small, has a simple pythonic
> API, and doesn't have any external dependencies. It is not an incomplete
> wrapper of a huge and complex API (such as the openssl API).

Agreed, even though it is not clear to me whether you refer to any
existing wrapper. M2crypto seems pretty good for instance.

> Pure python implementations _could_ be added, but they would probably  
> not really be usable. Users getting this slow fallback would probably be  
> annoyed or complain about the performance instead of fixing the problem  
> by installing the right compiled version.

Several times I saw remarks urging "normal" users not to use pycrypto directly
(e.g. RSA schoolbook encryption), but to rely on savvier, higher-level code.
