BjarniRunar
commented
10 years ago Note that OpenSSL is also probably the most widely reviewed and best optimized encryption tool available to us.
I also wanted to point out that due to the Python GIL, forking an external process (especially if we can pre-fork the workers) is one of the simplest and most effective ways to leverage multiple processors on modern hardware.
For reading large volumes of small files (like the vcards) all at once, the overhead of forking will likely still dominate, but for less frequent reads and for larger data streams the trade-off will be reversed.
It is true that well written Python bindings will hopefully release the GIL, but that depends on the library and requires we do a lot more explicit threading in mailpile itself. However, crashes and security problems in said libraries will also bring down our whole app, which is why the trend in things like browsers has been to move towards multiprocess architectures, not away from them.
public
pagekite
The current use of openssl to do AES-256-GCM is kind of okay for now, but it is about 500x slower than using AES directly in (semi-)native code, mostly because of fork time.
Currently, a user with 5000 contacts will have to wait roughly 40 seconds from Mailpile launch until his contact list is working. Similar slowdowns occur elsewhere, for instance with the search index.
My vote goes to NaCl, of which some nice Python wrappers exist. In particular, this looks good: https://github.com/pyca/pynacl