atoponce / d-note

Self destructing encrypted notes

PyCrypto 2.7 changes #30

Open atoponce opened 10 years ago

atoponce commented 10 years ago

PyCrypto 2.7 introduces some authenticated block cipher modes. They can be found at https://github.com/dlitz/pycrypto/blob/af058ee6f5da391a05275470ab4a4a96aa22b350/ChangeLog. The authenticated modes are:

While using HMAC-SHA512 is fine, it would be nice to switch to one of these modes by default, and have the capability of falling back to CBC for old encrypted notes. GCM is probably the preferred choice of the four, due to its parallel processing capabilities and good performance. EAX could be a good alternate.

If moving to an authenticated block cipher mode is not feasible, for whatever reason, when SHA3 becomes standardized, and if it is introduced into PyCrypto, I would like to switch to it taking advantage of the sponge function, rather than relying on SHA2, even though there have not been any strong security weaknesses of SHA2.

tuxxy commented 7 years ago

Hi, just looking over my repos out of boredom and stumbled upon this issue.

PyCrypto hasn't been maintained in a bit. Not sure if you've seen this before, but a fork called PyCryptodome has been actively maintained quite nicely and has a drop-in replacement for PyCrypto.