The State of Crypto in Python

Jarret Raim (Rackspace), Paul Kehrer (Rackspace)
Python
E145

Python has a complex past with cryptography. There are half a dozen major frameworks built on at least three separate C implementations, each with their own strengths and weaknesses and in various states of maintenance.

In our development of an open source key management system for OpenStack (Barbican), our team has spent some time investigating the major options including OpenSSL, libnss, nacl and pycrypto on the C side and PyOpenSSL, Pycrypto, python-nss and m2crypto on the Python side.

In our research, we noted several challenges with the current crop of libraries including audit state, support for PyPy, maintenance status, etc. In response to this, a group of Python aficionados with more time than sense have begun development of Cryptography (https://github.com/pyca/cryptography). Cryptography is a modern Python crypto library capable of utilizing multiple C backends based on CFFI, thus enabling PyPy use. We will cover the current state of the library, its goals and design decisions.

Jarret Raim

Rackspace

Jarret Raim is the Security Product Manager at Rackspace Hosting. Since joining Rackspace, he has built a software assurance program for Rackspace’s internal software teams as well as defined strategy for building secure systems on Rackspace’s OpenStack Cloud implementation. Through his experience at Rackspace, and as a consultant for Denim Group, Jarret has assessed and remediated applications in all industries and has experience with a wide variety of both development environments and the tools used to audit them. Jarret has recently taken charge of Rackspace’s efforts to secure the Cloud through new product development, training and research. Jarret holds a Masters in Computer Science from Lehigh University and Bachelors in Computer Science from Trinity University.

Paul Kehrer

Rackspace

Paul Kehrer is the crypto expert on the Barbican project, an open source key management platform for OpenStack. He has experience running a public certificate authority as well as doing significant open source work in cryptography by writing and maintaining r509, a Ruby library for managing a certificate infrastructure, and cryptography, a modern Python crypto library.