Expose BN_rand operations? #4109
Comments
As discussed in IRC there are some questions about whether we want to expose arbitrary bignum math (or ec point math) to enable primitives to be built from our base. We have been reluctant to do this since the probability of misuse feels pretty high (and safely using these super-primitives can be difficult since the Python layer can potentially introduce a variety of side channels depending on how it's utilized). If you'd like to discuss whether it makes sense to build an API for this sort of thing in cryptography we can go down that path, but I have no objection to adding
That sounds reasonable. I feel that the scope of that discussion (i.e. allowing arbitrary operations for bignums and EC points) is much bigger than this current issue, so probably you'd want to handle that separately. For sure @tuxxy and myself will be very interested in weighing in. For our short-term needs, Thanks for your time!
Right now it is difficult to implement advanced cryptographic algorithms on top of cryptography.io.
One of the problems is sampling random big numbers. This could be easily solved by exposing some of the BN_rand operations from OpenSSL: https://www.openssl.org/docs/man1.0.2/crypto/BN_rand.html
I think that it is only necessary to expose BN_rand and BN_rand_range. Perhaps, this also could be used inside cryptography.io (not sure about this).
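The sampling contract requested in this issue, sketched on plain Python integers as an added example (not code from the thread or from the cryptography project). `rand_bits`, `rand_range` and `rand_scalar` are hypothetical names that mirror the documented behaviour of BN_rand and BN_rand_range using the standard-library `secrets` module; the P-256 group order is only a sample modulus.

```python
import secrets

# Order of the NIST P-256 group, used here only as a realistic sample modulus.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def rand_bits(bits, top=-1, bottom=False):
    """Analogue of BN_rand(rnd, bits, top, bottom) on Python ints (hypothetical helper).

    top=-1: the most significant bit may be zero; top=0: it is set;
    top=1: the two most significant bits are set. bottom=True: result is odd.
    """
    if bits <= 0 or top not in (-1, 0, 1) or (top == 1 and bits < 2):
        raise ValueError("invalid bits/top combination")
    value = secrets.randbits(bits)      # CSPRNG-backed, uniform in [0, 2**bits)
    if top >= 0:
        value |= 1 << (bits - 1)        # force the exact bit length
    if top == 1:
        value |= 1 << (bits - 2)        # force the second-highest bit as well
    if bottom:
        value |= 1                      # force an odd result
    return value


def rand_range(upper):
    """Analogue of BN_rand_range: uniform integer in [0, upper) (hypothetical helper).

    Draws upper.bit_length() bits and rejects candidates >= upper. Reducing
    with `randbits(k) % upper` instead would favour the small residues.
    """
    if upper <= 0:
        raise ValueError("upper must be positive")
    bits = upper.bit_length()
    while True:                         # each draw is accepted with probability > 1/2
        candidate = secrets.randbits(bits)
        if candidate < upper:
            return candidate


def rand_scalar(order=P256_ORDER):
    """Uniform nonzero scalar in [1, order - 1]."""
    return 1 + rand_range(order - 1)
```

`secrets.randbelow(n)` already provides the same contract as `rand_range`. Arithmetic on Python integers is not constant-time, which is the side-channel concern raised in the first comment.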