Hi all, cryptography currently ships numerous legacy symmetric algorithms that, anecdotally, have very low use. These algorithms have a variety of security drawbacks when compared to more modern equivalents (namely AES or ChaCha20) and generally shouldn't be used. We plan to deprecate them on a long cycle such that users who don't read the mailing list have a chance to speak up if they have a use case that we should consider, but we're also reaching out here to solicit opinions.
The algorithms we'd like to deprecate and remove are: * CAST5 * SEED * IDEA * Blowfish 3DES and ARC4 are also legacy (and ARC4 has serious security issues), but their common use in many scenarios means they will not be deprecated. This decision has two primary driving factors: reducing the number of algorithms that developers need to be aware of to make a reasonable choice, and lowering our reliance on the "legacy" provider in OpenSSL 3.0.0+ with a goal of eventually removing it entirely. If you have use cases that require these algorithms please let us know! -Paul Kehrer (reaperhulk) _______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
