[liberationtech] Request for comments: Peewee integration with pysqlcipher

Uncle Zzzen unclezzzen at
Sat Apr 19 08:50:39 PDT 2014

Regardless of this specific code, it has led to a
the *"Warning!!! Experimental!!!"* comments in crypto libraries and whether
code with such a warning should be pull-requested into live projects [as optional
extensions, of course].

I'd like to hear your opinions on this, because now that we know
I think such issues are important to the developer community.

On 19 April 2014 10:31, Uncle Zzzen <unclezzzen at> wrote:

> is our fork of peewee <> (a tiny python orm) that provides
> pysqlcipher <> integration.
> There's also a gist <> with a
> minimal example if you want to play with this without starting from scratch.
> First, I'm happy to announce this (as long as you understand that *this
> has not been peer reviewed yet*).
> This brings us to the question whether I've introduced new vulnerabilities
> (I don't think so, but people never do [?]).
> Also, there's an "educational" question:
> This is a library, so the target audience is a developer who "should know
> better" (but maybe doesn't). I've introduced "reasonable minimums<>"
> for passphrase length and kdf_iter. If the developer tries to use
> "unreasonable values", the error message says something like "you need more
> than that", because the numbers are quite low (8 and 10000).
> So the questions are:
>    1. What are the "right numbers"?
>    2. Is 64000 a "reasonable default<>"
>    for kdf_iter?
>    3. Anything wrong or misleading in my docs/comments?
>    4. Any URLs I could send developers who wish to learn more?
>    5. [and - of course] Any vulnerabilities you can think of?
> Thanks,
> The Dod <> / the Swizzler <> project
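
Added example, not part of the original post and not code from the peewee fork: a sketch of the kind of floor check the quoted message describes, using the numbers it gives (8, 10000, 64000), plus a timing helper that shows what each extra iteration costs per passphrase derivation. All function and constant names are hypothetical, and it assumes SQLCipher derives the key with PBKDF2-HMAC-SHA1.

```python
import hashlib
import os
import time

# Floors and default quoted in the post; all names here are hypothetical.
MIN_PASSPHRASE_LEN = 8
MIN_KDF_ITER = 10000
DEFAULT_KDF_ITER = 64000


class WeakParameterError(ValueError):
    """Raised when a caller asks for settings below the floor."""


def check_params(passphrase, kdf_iter=DEFAULT_KDF_ITER):
    """Return (passphrase, kdf_iter) or raise if either is below the floor."""
    if not isinstance(passphrase, str) or len(passphrase) < MIN_PASSPHRASE_LEN:
        raise WeakParameterError(
            "passphrase needs at least %d characters" % MIN_PASSPHRASE_LEN)
    # bool is a subclass of int, so True must not pass as an iteration count.
    if type(kdf_iter) is not int or kdf_iter < MIN_KDF_ITER:
        raise WeakParameterError(
            "kdf_iter needs to be at least %d" % MIN_KDF_ITER)
    return passphrase, kdf_iter


def key_pragmas(passphrase, kdf_iter=DEFAULT_KDF_ITER):
    """Build the statements to run right after connecting, key first."""
    passphrase, kdf_iter = check_params(passphrase, kdf_iter)
    # PRAGMA statements do not take bound parameters, so escape the quote.
    quoted = passphrase.replace("'", "''")
    return ["PRAGMA key = '%s';" % quoted, "PRAGMA kdf_iter = %d;" % kdf_iter]


def seconds_per_derivation(kdf_iter, rounds=3):
    """Best-of-N time for one PBKDF2-HMAC-SHA1 run (assumed SQLCipher KDF)."""
    salt = os.urandom(16)  # constructed salt, one per measurement
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha1", b"constructed sample", salt, kdf_iter, 32)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    print(key_pragmas("constructed passphrase"))
    for n in (MIN_KDF_ITER, DEFAULT_KDF_ITER):
        print("%6d iterations: %.4f s" % (n, seconds_per_derivation(n)))
```

The timing output is per machine; the ratio between the two rows is what tells a developer how much the higher iteration count slows each guess against a stolen database file.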