[liberationtech] Request for comments: Peewee integration with pysqlcipher

Uncle Zzzen unclezzzen at
Fri Apr 18 20:31:53 PDT 2014

is our fork of
peewee <> (a tiny python orm) that
pysqlcipher <> integration. There's
also a gist <> with a minimal
example if you want to play with this without starting from scratch.

First, I'm happy to announce this (as long as you understand that *this has
not been peer reviewed yet*).

This brings us to the question whether I've introduced new vulnerabilities
(I don't think so, but people never do [?]).

Also, there's an "educational" question:
This is a library, so the target audience is a developer who "should know
better" (but maybe doesn't). I've introduced "reasonable
for passphrase length and kdf_iter. If the developer tries to use
"unreasonable values", the error message says something like "you need more
than that", because the numbers are quite low (8 and 10000).

So the questions are:

   1. What are the "right numbers"?
   2. Is 64000 a "reasonable
   for kdf_iter?
   3. Anything wrong or misleading in my docs/comments?
   4. Any urls I could send developers who wish to learn more?
   5. [and - of course] Any vulnerabilities you can think of?


The Dod <> / the
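
The floors described in the message above (passphrase length 8, kdf_iter 10000) and the 64000 figure it asks about, as an added example that is not part of the original post or of the fork's code: it rejects values below the floors and measures what one passphrase guess costs at each iteration count. All function and constant names are hypothetical, and it assumes the PBKDF2-HMAC-SHA1 derivation with a 16-byte salt and 32-byte key that SQLCipher used at the time.

```python
import hashlib
import os
import time

# Floors quoted in the post; the names are hypothetical, not the fork's own.
MIN_PASSPHRASE_LEN = 8
MIN_KDF_ITER = 10000
DEFAULT_KDF_ITER = 64000  # the value the post asks about

class WeakParameterError(ValueError):
    """Raised when a caller asks for settings below the floors."""

def check_params(passphrase, kdf_iter=DEFAULT_KDF_ITER):
    """Reject weak settings before any database file is touched."""
    if not isinstance(passphrase, str):
        raise TypeError("passphrase must be a str")
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        raise WeakParameterError(
            "passphrase needs at least %d characters" % MIN_PASSPHRASE_LEN)
    # bool is a subclass of int, so exclude it explicitly
    if isinstance(kdf_iter, bool) or not isinstance(kdf_iter, int):
        raise TypeError("kdf_iter must be an int")
    if kdf_iter < MIN_KDF_ITER:
        raise WeakParameterError(
            "kdf_iter needs to be at least %d" % MIN_KDF_ITER)
    return passphrase, kdf_iter

def derive_key(passphrase, salt, kdf_iter):
    """PBKDF2-HMAC-SHA1 to a 32-byte key; models the KDF step only."""
    check_params(passphrase, kdf_iter)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), salt, kdf_iter, dklen=32)

def seconds_per_guess(kdf_iter, rounds=3):
    """Best-of-N wall time for one derivation, i.e. one guess on this CPU."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        derive_key("constructed sample passphrase", salt, kdf_iter)
        best = min(best, time.perf_counter() - start)
    return best

if __name__ == "__main__":
    for n in (MIN_KDF_ITER, DEFAULT_KDF_ITER):
        ms = seconds_per_guess(n) * 1000
        print("kdf_iter=%6d  %.1f ms per guess" % (n, ms))
```

The per-guess time scales linearly with kdf_iter, so the figures printed are only meaningful relative to the hardware they were measured on.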