Mailing List Archive: [ANNOUNCE] M2Crypto 0.01

[ANNOUNCE] M2Crypto 0.01

Aug 20, 1999, 8:09 AM

Post #1 of 6 (657 views)

Hello,

I am pleased to announce the release of M2Crypto 0.01;
the package is available at http://www.post1.com/home/ngps

Following is the README:

The M2 Python Crypto Toolkit 0.01
-----------------------------------

The M2 Python Crypto Toolkit (M2Crypto) ==
Python www.python.org
+ OpenSSL www.openssl.org
+ SWIG www.swig.org

Python is an interpreted, dynamic-typing, object-oriented programming
language that is often compared to Perl, Scheme, Tcl or Java. SWIG -
Simplified Wrapper and Interface Generator - provides glue to link C/C++
libraries with the above-mentioned languages.

M2Crypto presents a Python interface to OpenSSL, via SWIG.

M2 stands for "me, too!"*

This release includes the following: DH, RSA, DSA, RC4, MD5, SHA1,
RIPEMD160, and the EVP interfaces for message digests, HMACs, and
symmetric ciphers. It requires Python 1.5.2, OpenSSL 0.9.4, and,
optionally, SWIG 1.1p5 or later. It has been tested under FreeBSD
2.x, Redhat Linux 5.2, and WinNT4. It should run anywhere Python
and OpenSSL run.

M2Crypto is released under a license similar to Python's. See LICENSE
for details.

For now, M2Crypto is intended to be a prototyping tool; it is _not_
for writing production crypto software.

In particular, note the following caveats:

1. There will be memory leaks, because of pointer ownership contention
between Python and SWIG. (These would be due to my misprogramming.)

2. There is no memory locking/clearing for keys, passphrases, etc.

3. The PRNG has no interface for CS**; it is unlikely to be CS***.

4. AFAIK, Python and OpenSSL have not been subjected to the full attention
of the Bugtraq crowd. M2Crypto's handling of active hostile input is
probably suspect.

Of course, I hope to address these in future.

Meanwhile, have fun! Your feedback is welcome.

Ng Pheng Siong
ngps@post1.com

* Similar software are Marc-Andre Lemburg's mxCrypto, and two (?)
Python interfaces to the SSL portion of SSLeay/OpenSSL.

** Continuous seeding.

*** Cryptographically strong.

--
Ng Pheng Siong <ngps@post1.com>
--
Ng Pheng Siong <ngps@post1.com>

[ANNOUNCE] M2Crypto 0.01 [ In reply to ]

Aug 21, 1999, 9:26 AM

Post #2 of 6 (653 views)

Ng Pheng Siong wrote:
>
> Hello,
>
> I am pleased to announce the release of M2Crypto 0.01;
> the package is available at http://www.post1.com/home/ngps
>
> Following is the README:
>
> The M2 Python Crypto Toolkit 0.01
> -----------------------------------
...

Could you please tell me where that server is located and whether
it is legal to download the software from Germany ? If it is
US based then we have the same problem as I had with the other
two OpenSSL interfaces: it's not legal to export them from the US
since even code linking at crypto software (in law speak: providing
crypto specific hooks) is understood as being contrary to the
US export regulations (at least that's what the Lotus Notes
chief engineer said about it and he should know).

Anyway, mxCrypto development will continue to eventually include
most APIs of OpenSSL.

BTW, a way to speed up this work is by funding it: OpenSSL is really
hard to wrap right because of its poor documentation and the task is
rather time consuming.

--
Marc-Andre Lemburg
______________________________________________________________________
Y2000: 132 days left
Business: http://www.lemburg.com/
Python Pages: http://www.lemburg.com/python/

[ANNOUNCE] M2Crypto 0.01 [ In reply to ]

Aug 21, 1999, 10:43 AM

Post #3 of 6 (651 views)

<sheepish>
Ahem, I was fiddling with my newsreader when I posted this,
and I thought the posting didn't make it out. Since it did,
and I tried multiple times, I think there will be multiple
announcements.
</sheepish>

According to M.-A. Lemburg <mal@lemburg.com>:
> Ng Pheng Siong wrote:
> > I am pleased to announce the release of M2Crypto 0.01;
> > the package is available at http://www.post1.com/home/ngps
>
> Could you please tell me where that server is located and whether
> it is legal to download the software from Germany ?

The server is located in Singapore. AFAIK, there is no law against
export of cryptography from Singapore.

> Anyway, mxCrypto development will continue to eventually include
> most APIs of OpenSSL.

Hey, there are umpteen Java crypto libraries. Python can live with
three or five. ;-)

Cheers.

--
Ng Pheng Siong <ngps@post1.com>

[ANNOUNCE] M2Crypto 0.01 [ In reply to ]

fleck at informatik

Aug 22, 1999, 12:01 AM

Post #4 of 6 (652 views)

Ng Pheng Siong <ngps@madcap.dyn.ml.org> wrote:
>> Could you please tell me where that server is located and whether
>> it is legal to download the software from Germany ?
> The server is located in Singapore. AFAIK, there is no law against
> export of cryptography from Singapore.

That seems to be correct. But (oddly enough),
Singapore has *import* restrictions on cryptography:

http://cwis.kub.nl/~frw/people/koops/cls2.htm#si ("Crypto Law Survey")

Yours,
Markus.

--
////////////////////////////////////////////////////////////////////////////
Markus B Fleck - University of Bonn - CS Department IV - WHOIS MF5079
UNIX Administrator - comp.lang.python.announce Moderator
"GNU Gather" Free Internet Groupware Project - http://gather.net/
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

[ANNOUNCE] M2Crypto 0.01 [ In reply to ]

claird at starbase

Aug 22, 1999, 8:51 AM

Post #5 of 6 (652 views)

In article <7po784$lpu@news.rhrz.uni-bonn.de>,
Markus Fleck <fleck@informatik.uni-bonn.de> wrote:
>Ng Pheng Siong <ngps@madcap.dyn.ml.org> wrote:
>>> Could you please tell me where that server is located and whether
>>> it is legal to download the software from Germany ?
>> The server is located in Singapore. AFAIK, there is no law against
>> export of cryptography from Singapore.
>
>That seems to be correct. But (oddly enough),
>Singapore has *import* restrictions on cryptography:
>
> http://cwis.kub.nl/~frw/people/koops/cls2.htm#si ("Crypto Law Survey")
.
.
.
As others have recently cited Goldman and de Saint-Exupery,
I'll take the honor of recalling George's observation that
a function of governments is to treat their citizens in
times of peace the way enemies otherwise would during war.

It's not hard, by the way, to bring this back to Python.
One of Guido's consistent missions is to make the language
so accessible and rewarding that non-elites gain more
control over the computing resources in their lives. Python
aims to answer the question, "What will happen if users can
program their own computer?"
--

Cameron Laird http://starbase.neosoft.com/~claird/home.html
claird@NeoSoft.com +1 281 996 8546 FAX

[ANNOUNCE] M2Crypto 0.01 [ In reply to ]

Aug 25, 1999, 12:30 AM

Post #6 of 6 (651 views)

Ng Pheng Siong wrote:
>
> According to M.-A. Lemburg <mal@lemburg.com>:
> > Ng Pheng Siong wrote:
> > > I am pleased to announce the release of M2Crypto 0.01;
> > > the package is available at http://www.post1.com/home/ngps
> >
> > Could you please tell me where that server is located and whether
> > it is legal to download the software from Germany ?
>
> The server is located in Singapore. AFAIK, there is no law against
> export of cryptography from Singapore.

Great, then I'll take a look...

> > Anyway, mxCrypto development will continue to eventually include
> > most APIs of OpenSSL.
>
> Hey, there are umpteen Java crypto libraries. Python can live with
> three or five. ;-)

Oh, I've got no problem with that :-) -- I just wanted to give
people already using mxCrypto a note about its status.

Cheers,
--
Marc-Andre Lemburg
______________________________________________________________________
Y2000: 131 days left
Business: http://www.lemburg.com/
Python Pages: http://www.lemburg.com/python/