[pycrypto] keyrings.cryptfile released on github

[Hans-Peter Jansen]

On Donnerstag, 9. März 2017 23:09:09 ng0 wrote:
> Hans-Peter Jansen transcribed 3.8K bytes:
> > Hi,
> > 
> > since the PyCrypto ML is dead, I'm looking for advise/feedback from some
> > cryptography aware people.
> > 
> > I've released a keyring companion package today:
> > 	https://github.com/frispete/keyrings.cryptfile
> > 
> > Its primary purpose is a decent encrypted file backend for python
> > keyrings.
> > As such, it uses manually parameterized argon2 hashes as KDF, and AES in
> > OCB mode as stream cipher (well, it just encrypts the password for a
> > given service/user name). Granted, the advantages of OCB are not /that/
> > crucial here :wink:, but apart from technical factors, the exclusion of
> > military uses
> I was looking for some proprietary EULA or something else locked down
> license and instead just saw the Expat license.

Don't get you here. Yes, the package contains just a MIT license file for now. 

> I assume that you are
> aware that no anti-mil clause exists in co-existence with free software
> licenses
> and your sentence was just written in an
> odd way?

First, bear with me, as I'm not a native speaker. Sometimes, my expressions 
tend to confuse people. I'm sorry about that. Second, I'm not a lawyer.

As long as I use OCB in OSS and does not sue somebody else about it, License 1 
is granted, if I read the OCB license options correctly [1]. Anyway, I will 
add the OCB license to the package and add a note in the initial password 
retrieval dialog about it..

In this projects state, I would like to discuss the technical issues first.
<OT> As said, I sympathize with the idea of the license, since I personally 
believe, that military conflicts doesn't solve any problems, but many todays 
problems originate from them.</OT>

[1] http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm

> > by its license is rather *attractive* from my POV(!). But I'm open for
> > discussions of course.

Cheers,
Pete