From: geremy condra on
On Sun, Apr 4, 2010 at 6:03 PM, Robert Kern <robert.kern(a)gmail.com> wrote:
> On 2010-04-03 20:21 , Lawrence D'Oliveiro wrote:
>>
>> In message<4baf3ac4$0$22903$e4fe514c(a)news.xs4all.nl>, Irmen de Jong wrote:
>>
>>> On 28-3-2010 12:08, Lawrence D'Oliveiro wrote:
>>>
>>>> Don’t use MD5.
>>>
>>> Also, md5 is not an encryption algorithm at all, it is a secure hashing
>>> function.
>>
>> You can use hash functions for encryption.
>
> You can *build* an encryption algorithm out of hash functions as a
> primitive, yes. Paul Rubin's p3.py is an example of using SHA-1 to build an
> encryption algorithm:
>
>  http://www.nightsong.com/phr/crypto/p3.py
>
> However, a hash function is not an encryption algorithm itself. One does not
> "encrypt with md5" as the OP asked. For crypto-knowledgeable people, this
> may just be an issue of terminology (although I think an important one), but
> I think it demonstrates the ignorance of the OP and the need for Irmen's
> clarification.
>
> --
> Robert Kern

I don't mean to disrespect Paul Rubin, but p3.py comes up in every discussion
of cryptography in python on this list and, AFAICT, has yet to come under
significant cryptanalytic scrutiny. That doesn't make it a bad example in this
case, but I would caution the OP that it probably doesn't make it a good
candidate for your encryption needs.

Geremy Condra
From: Robert Kern on
On 2010-04-04 17:44 , geremy condra wrote:
> On Sun, Apr 4, 2010 at 6:03 PM, Robert Kern<robert.kern(a)gmail.com> wrote:
>> On 2010-04-03 20:21 , Lawrence D'Oliveiro wrote:
>>>
>>> In message<4baf3ac4$0$22903$e4fe514c(a)news.xs4all.nl>, Irmen de Jong wrote:
>>>
>>>> On 28-3-2010 12:08, Lawrence D'Oliveiro wrote:
>>>>
>>>>> Don’t use MD5.
>>>>
>>>> Also, md5 is not an encryption algorithm at all, it is a secure hashing
>>>> function.
>>>
>>> You can use hash functions for encryption.
>>
>> You can *build* an encryption algorithm out of hash functions as a
>> primitive, yes. Paul Rubin's p3.py is an example of using SHA-1 to build an
>> encryption algorithm:
>>
>> http://www.nightsong.com/phr/crypto/p3.py
>>
>> However, a hash function is not an encryption algorithm itself. One does not
>> "encrypt with md5" as the OP asked. For crypto-knowledgeable people, this
>> may just be an issue of terminology (although I think an important one), but
>> I think it demonstrates the ignorance of the OP and the need for Irmen's
>> clarification.
>>
>> --
>> Robert Kern
>
> I don't mean to disrespect Paul Rubin, but p3.py comes up in every discussion
> of cryptography in python on this list and, AFAICT, has yet to come under
> significant cryptanalytic scrutiny. That doesn't make it a bad example in this
> case, but I would caution the OP that it probably doesn't make it a good
> candidate for your encryption needs.

For people looking for standardized cryptography, Google works fine to find
PyCrypto or M2Crypto. p3 comes up so often in this group because people that
need to ask here are looking for reasonably performant, pure-Python crypto, and
p3 is the best-of-breed given those constraints (it happens to be mentioned here
as an example, not a recommendation). Its security derives from its use of
standardized, well-scrutinized components (and no, the recent attacks on SHA-1
do not affect the security properties that p3 relies on). It will probably never
receive the kind of attention that AES or the rest get because it will never be
fast enough to even be considered a peer of those algorithms.

--
Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
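
Added example, not part of the original thread and not p3.py's code: a sketch of what "building an encryption algorithm out of a hash function as a primitive" means, using a keyed hash in counter mode for the keystream and the same primitive for authentication. The function names, the choice of HMAC-SHA256, and the 16-byte nonce are assumptions of this example; like any unreviewed construction, it illustrates the terminology point and is not a replacement for a vetted library.

```python
# Added illustration (not p3.py): a stream cipher built from a hash primitive.
# Names and parameters (HMAC-SHA256, 16-byte nonce) are this example's choices.
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def subkeys(master):
    """Derive independent encryption and MAC keys from one master key."""
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def keystream(key, nonce, length):
    """Counter mode: block i of the keystream is HMAC(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(master, plaintext, nonce=None):
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    enc_key, mac_key = subkeys(master)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(master, message):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    enc_key, mac_key = subkeys(master)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

if __name__ == "__main__":
    key = b"constructed demo key"             # constructed sample input
    box = encrypt(key, b"attack at dawn")
    print(decrypt(key, box))                  # recoverable with the key
    print(hashlib.md5(b"attack at dawn").hexdigest())  # a digest: nothing to decrypt
```

The hash alone gives a fixed-length digest with no key and no inverse; it is the surrounding mode (nonce, counter, XOR, MAC) that makes a cipher, which is the distinction the replies above draw.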

From: geremy condra on
On Sun, Apr 4, 2010 at 8:42 PM, Robert Kern <robert.kern(a)gmail.com> wrote:
> On 2010-04-04 17:44 , geremy condra wrote:
>>
>> On Sun, Apr 4, 2010 at 6:03 PM, Robert Kern<robert.kern(a)gmail.com>  wrote:
>>>
>>> On 2010-04-03 20:21 , Lawrence D'Oliveiro wrote:
>>>>
>>>> In message<4baf3ac4$0$22903$e4fe514c(a)news.xs4all.nl>, Irmen de Jong
>>>> wrote:
>>>>
>>>>> On 28-3-2010 12:08, Lawrence D'Oliveiro wrote:
>>>>>
>>>>>> Don’t use MD5.
>>>>>
>>>>> Also, md5 is not an encryption algorithm at all, it is a secure hashing
>>>>> function.
>>>>
>>>> You can use hash functions for encryption.
>>>
>>> You can *build* an encryption algorithm out of hash functions as a
>>> primitive, yes. Paul Rubin's p3.py is an example of using SHA-1 to build
>>> an
>>> encryption algorithm:
>>>
>>>  http://www.nightsong.com/phr/crypto/p3.py
>>>
>>> However, a hash function is not an encryption algorithm itself. One does
>>> not
>>> "encrypt with md5" as the OP asked. For crypto-knowledgeable people, this
>>> may just be an issue of terminology (although I think an important one),
>>> but
>>> I think it demonstrates the ignorance of the OP and the need for Irmen's
>>> clarification.
>>>
>>> --
>>> Robert Kern
>>
>> I don't mean to disrespect Paul Rubin, but p3.py comes up in every
>> discussion
>> of cryptography in python on this list and, AFAICT, has yet to come under
>> significant cryptanalytic scrutiny. That doesn't make it a bad example in
>> this
>> case, but I would caution the OP that it probably doesn't make it a good
>> candidate for your encryption needs.
>
> For people looking for standardized cryptography, Google works fine to find
> PyCrypto or M2Crypto. p3 comes up so often in this group because people that
> need to ask here are looking for reasonably performant, pure-Python crypto,
> and p3 is the best-of-breed given those constraints (it happens to be
> mentioned here as an example, not a recommendation). Its security derives
> from its use of standardized, well-scrutinized components (and no, the
> recent attacks on SHA-1 do not affect the security properties that p3 relies
> on). It will probably never receive the kind of attention that AES or the
> rest get because it will never be fast enough to even be considered a peer
> of those algorithms.
>
> --
> Robert Kern

I have no comment on why it hasn't received substantial attention; my point
is simply that it hasn't, and that without that scrutiny it probably isn't wise
to depend on its security. There are plenty of tried-and-true cryptosystems
to use; people without an extensive knowledge of what they're getting into
should be encouraged to use them. Apologies if it sounded like I was
claiming more.

Geremy Condra