[TECH DEBT] Cryptography APIs #63066
Labels
dependency
underlying Salt dependency issue
security
issues and PRs for the Security Working Group
tech-debt
Description of the tech debt to be addressed, include links and screenshots
Looking into the cryptographic APIs that are used throughout the code base I noticed
pycryptodomex
is a hard dependency andM2Crypto
is apparently not. The reason to bring this up is that, for example, in salt/crypt.pyM2Crytpo
is favoured overCryptodome
.Also in modules like TLS pyOpenSSL is used instead of
pyca/cryptography
, as recommended by the Python Cryptographic Authority.Would it make sense to use just one cryptography library to reduce maintenance cost?
pyca/cryptography
seems to have a more thriving community and more activity thanM2Crypto
.The text was updated successfully, but these errors were encountered: