[PeterWhittaker]

Interesting idea. But I question the overall security philosophy of a project that includes so many suspected to be weak, known to be weak, or provably weak algorithms, e.g., MD2, MD4, MD5, SHA-1, and DES.

If this is for serious security, DROP THOSE NOW. Sorry to scream, but the sooner we stop using them, the better.

I also wouldn't spend a lot of time on AES 256, given some of the recently described weaknesses that reduce it to by many bits of strength. Better to work on CAST5, e.g.

Better yet, work on the RNG. Make sure the RNG is cryptographically secure. Without a cryptographically secure RNG, all the key derivation algorithms are pretty much useless.

[andrewfong]

Per the README, it appears these are disabled by default:

> Several weak or broken primitives are implemented in this library, for research or legacy reasons. These should not be used under normal circumstances! To restrict their usage, they have been marked as insecure, with the Lockbox.insecure() method. This will cause a failed assertion when you attempt to import the module, unless you set Lockbox.ALLOW_INSECURE to true before the import.

[jlarsen]

I agree! There are quite a few provably insecure algorithms in the project. That said, I do think they are useful to keep around: As a reference, for legacy systems, or to practice cracking.

It'd be a little silly to not add AES-256 since I already have AES-128, but I will definitely look into adding CAST5 and CSPRNGs.