Friday 4:15 p.m.–5 p.m.

The State of Crypto in Python

Jarret Raim, Paul Kehrer

Audience level:
Intermediate
Category:
Python Libraries

Description

There are a half-dozen major Python cryptography frameworks built on at least three separate C implementations, each with their own strengths and weaknesses and in various states of maintenance. This presentation will review the current state of the art and discuss the future of crypto in Python including a new library under development, PyPy support and more.

Abstract

Python has a complex past with cryptography. There are half a dozen major frameworks built on at least three separate C implementations, each with their own strengths and weaknesses and in various states of maintenance. In our development of an open source key management system for OpenStack (Barbican), our team has spent some time investigating the major options including OpenSSL, libnss, nacl and pycrypto on the C side and PyOpenSSL, Pycrypto, python-nss and m2crypto on the Python side. In our research, we noted several challenges with the current crop of libraries including audit state, support for PyPy, maintenance status, etc. In response to this, a group of Python aficionados with more time than sense have begun development of Cryptography (https://github.com/pyca/cryptography). Cryptography is a modern Python crypto library capable of utilizing multiple C backends based on CFFI, thus enabling PyPy use. We will cover the current state of the library, it's goals and design decisions.