Well, let's try again. I know Ed25519 is not on anyone's list, but I
would like to show at minimum that it is interesting.

%timeit wheel.tool.unpack('lxml-3.0.1-cp27-none-linux_x86_64.whl')
10 loops, best of 3: 123 ms per loop

.unpack() verifies the signature and extracts the file. Installation
is not much more costly than unpack. Removing the C extension to use
the Python Ed25519 instead,

%timeit wheel.tool.unpack('lxml-3.0.1-cp27-none-linux_x86_64.whl')
1 loops, best of 3: 153 ms per loop

With python-ecdsa, verifying a single signature,

import ecdsa
sk = ecdsa.SigningKey.generate(ecdsa.NIST256p)
sig = sk.sign("message")
vk = sk.get_verifying_key()
%timeit vk.verify(sig, "message")
1 loops, best of 3: 144 ms per loop

takes about as long as the whole unpack() including verification.

You will notice the difference when you are rebuilding a virtualenv
with 30+ dependencies every time you commit, keeping the old
virtualenv around in case something broke. It wouldn't matter if we
were building from source because we would avoid creating new
virtualenvs just to save time.

Also python-ecdsa does not work on Python 3.

ECDSA's verifying (public) keys at the same security level are 64
bytes instead of the 32-byte Ed25519 keys, which would make the
proposed "inline public keys" syntax half as convenient.

package[ed25519=ouBJlTJJ4SJXoy8Bi1KRlewWLU6JW7HUXTgvU1YRuiA]

I hope that the speed of wheel, and the properties of its signature
scheme, will inspire people to invent new applications that require
those features.

If necessary we could also just remove algorithms from the spec and
make the signing implementation pluggable. For key management reasons,
the signing interface used by the build tool is already "run the wheel
command line tool in a subprocess" which is also what you would do if
you needed to take advantage of the allowed S/MIME RECORD.p7s.
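
An added example, not part of the original message or of wheel's code: a parser for the inline public key form shown above that rejects malformed or ambiguous keys before they are trusted. It assumes the key text is unpadded URL-safe base64 and that name[alg=key] is the whole grammar; parse_inline_key, b64url_len and KEY_BYTES are hypothetical names.

```python
import base64
import re

# Raw public-key size in bytes, as stated in the message above.
KEY_BYTES = {"ed25519": 32}

# Assumed grammar: name[alg=key]. Only this one form appears in the message.
_INLINE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\[([a-z0-9]+)=([A-Za-z0-9_-]+)\]$")


def b64url_len(nbytes):
    """Characters needed to write nbytes as unpadded URL-safe base64."""
    return (nbytes * 8 + 5) // 6


def parse_inline_key(spec):
    """Return (package, algorithm, raw_key) or raise ValueError."""
    m = _INLINE.match(spec)
    if not m:
        raise ValueError("not of the form name[alg=key]: %r" % (spec,))
    name, alg, text = m.groups()
    if alg not in KEY_BYTES:
        raise ValueError("unsupported key algorithm: %s" % alg)
    want = b64url_len(KEY_BYTES[alg])
    if len(text) != want:
        raise ValueError("%s key must be %d characters, got %d"
                         % (alg, want, len(text)))
    # Restore the padding that the inline form leaves out, then decode.
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    # Stray bits in the last character decode to the same bytes; refuse
    # them so that each key has exactly one accepted spelling.
    if base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii") != text:
        raise ValueError("non-canonical base64 in key")
    return name, alg, raw


if __name__ == "__main__":
    pin = "package[ed25519=ouBJlTJJ4SJXoy8Bi1KRlewWLU6JW7HUXTgvU1YRuiA]"
    name, alg, raw = parse_inline_key(pin)
    print(name, alg, len(raw), "key bytes")
    # Length of the inline text for 32-byte and 64-byte keys.
    print(b64url_len(32), "vs", b64url_len(64), "characters")
```
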