On 03/29/2011 08:18 AM, Daniel Kahn Gillmor wrote:
now that Crypt::Nettle seems effective and functional, i'm starting to look at using it in other systems i'm working on. Suddenly, i realize i'm missing access to 3DES and BLOWFISH, which i find i actually want :/

I'm missing them because there is no struct nettle_cipher for these algorithms (or for DES, for that matter, though i care less about DES).

I seem to have a few options:

0) Crypt::Nettle could write unique interfaces to those ciphers and expose them to the user of the perl module as (for example) Crypt::Nettle::Cipher::3DES and Crypt::Nettle::Cipher::Blowfish. this breaks symmetry with the rest of the interface, though.

1) Crypt::Nettle could create its own struct nettle_cipher objects for these ciphers, wrapping the weak key checking in some code that belongs to the perl module

2) I could propose that nettle create struct nettle_cipher objects for these ciphers directly.

I prefer (1) or (2) because they'll keep a simple interface for Crypt::Nettle. I'm not sure how to do (2) without breaking ABI in nettle somehow (or losing the weak-key error checking).
I'd also prefer (2), because it reduces work for nettle consumers. For gnutls I didn't use nettle_cipher at all and created my own wrappers, because nettle cipher works only with a few ciphers. At least for TLS, weak key checking is not that important due to the low probability of selecting one, to be of any practical concern.
regards, Nikos
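
The wrapper idea in option (1), sketched as an added example that is not code from this thread, Crypt::Nettle, nettle or gnutls: a 3DES weak-key check that survives a set-key callback with no return value by recording the verdict in the context. The `des3_wrap_*` names, the context layout and the void callback shape are assumptions made for illustration, and the sample keys are constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* The 4 weak and 12 semi-weak single-DES keys, in odd-parity form. */
static const uint8_t des_weak[16][8] = {
  {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
  {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1}, {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
  {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
  {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
  {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
  {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
  {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
  {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1},
};
/* 1 if the 8-byte key is weak or semi-weak; the parity bit (LSB) of each byte is ignored. */
static int des_key_is_weak(const uint8_t *k) {
  for (int i = 0; i < 16; i++) {
    uint8_t diff = 0;
    for (int j = 0; j < 8; j++) diff |= (uint8_t)((k[j] ^ des_weak[i][j]) & 0xFE);
    if (!diff) return 1;
  }
  return 0;
}
/* Hypothetical wrapper context: a real one would also hold the 3DES key schedule. */
struct des3_wrap_ctx { int key_rejected; };
/* Void-returning set-key callback (assumed shape of a generic cipher table entry):
   the verdict is recorded in the context instead of being returned. */
static void des3_wrap_set_key(void *ctx, unsigned length, const uint8_t *key) {
  struct des3_wrap_ctx *c = ctx;
  c->key_rejected = (length != 24);
  for (unsigned i = 0; !c->key_rejected && i < 3; i++)
    c->key_rejected = des_key_is_weak(key + 8 * i);  /* each DES subkey is checked */
}
/* What a caller asks after set_key: 1 = usable, 0 = wrong length or weak subkey. */
static int des3_wrap_key_ok(const uint8_t *key, unsigned length) {
  struct des3_wrap_ctx c;
  des3_wrap_set_key(&c, length, key);
  return !c.key_rejected;
}
/* Constructed sample keys: sample_bad carries a semi-weak middle subkey with flipped parity bits. */
static const uint8_t sample_ok[24] = {
  0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,0x01,
  0x45,0x67,0x89,0xAB,0xCD,0xEF,0x01,0x23 };
static const uint8_t sample_bad[24] = {
  0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x1E,0xE1,0x1E,0xE1,0x0F,0xF0,0x0F,0xF0,
  0x45,0x67,0x89,0xAB,0xCD,0xEF,0x01,0x23 };
int main(void) {
  printf("sample_ok usable: %d\n", des3_wrap_key_ok(sample_ok, 24));
  printf("sample_bad usable: %d\n", des3_wrap_key_ok(sample_bad, 24));
  return 0;
}
```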