{"id":5658,"library":"miscreant","title":"Miscreant (Python)","description":"Miscreant.py is a Python implementation of the Miscreant advanced symmetric encryption library, providing AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions. These algorithms offer misuse-resistant authenticated encryption, particularly AES-SIV, which prevents catastrophic failures from nonce reuse. The last stable version is 0.3.0, released in December 2017, and the project is effectively unmaintained.","status":"abandoned","version":"0.3.0","language":"en","source_language":"en","source_url":"https://github.com/miscreant/miscreant.py","tags":["cryptography","encryption","aes-siv","misuse-resistant","authenticated-encryption"],"install":[{"cmd":"pip install miscreant","lang":"bash","label":"Install Miscreant"}],"dependencies":[{"reason":"Provides core cryptographic primitives for Miscreant's constructions.","package":"cryptography","optional":false}],"imports":[{"note":"The primary interface for AES-SIV encryption.","symbol":"SIV","correct":"from miscreant.aes.siv import SIV"}],"quickstart":{"code":"import os\nfrom miscreant.aes.siv import SIV\n\n# AES-SIV requires a key twice the size of a standard AES key (e.g., 32 or 64 bytes)\n# For a 128-bit AES-SIV key, generate 32 bytes (2 * 16 bytes)\nkey = os.urandom(32)\n\nsiv = SIV(key)\n\nplaintext = b\"This is my secret message!\"\n# Associated data (AD) is authenticated but not encrypted\nassociated_data = [b\"header1\", b\"header2\"]\n\n# Encrypt (seal) the message; the associated-data list is passed positionally\nciphertext = siv.seal(plaintext, associated_data)\nprint(f\"Ciphertext: {ciphertext.hex()}\")\n\n# Decrypt (open) the message with the same associated data\ntry:\n    decrypted_plaintext = siv.open(ciphertext, associated_data)\n    print(f\"Decrypted: {decrypted_plaintext.decode()}\")\nexcept Exception as e:\n    print(f\"Decryption failed: {e}\")","lang":"python","description":"This quickstart demonstrates how to initialize the AES-SIV cipher, encrypt a plaintext message with associated data, and then decrypt it. Note the requirement for a key of 32 or 64 bytes."},"warnings":[{"fix":"Users should carefully evaluate the risks of using an unmaintained cryptography library. Consider migrating to actively maintained alternatives like 'cryptography' (Fernet) or 'libsodium' wrappers if possible.","message":"The Miscreant Python repository is marked as 'Public archive' on GitHub, indicating that it is no longer actively maintained. No further development, bug fixes, or security patches are expected.","severity":"breaking","affected_versions":"0.3.0 and earlier"},{"fix":"The library explicitly warns 'Use this library at your own risk. This library has not been professionally audited by cryptography experts.' It is not recommended for high-security applications without a thorough independent audit.","message":"Some portions of the Miscreant implementation (specifically `s2v` and `dbl` functions) are in pure Python and are NOT constant time. This means they may be vulnerable to timing attacks that could reveal sensitive information, potentially leading to plaintext recovery.","severity":"gotcha","affected_versions":"0.3.0 and earlier"},{"fix":"Ensure your key is 32 bytes for AES-128 SIV or 64 bytes for AES-256 SIV. For example, `os.urandom(32)` for a 128-bit SIV key.","message":"The AES-SIV construction requires a key that is twice the size of a standard AES key (e.g., 32 bytes for AES-128 SIV, or 64 bytes for AES-256 SIV). Passing an incorrectly sized key will result in an error or insecure operation.","severity":"gotcha","affected_versions":"0.3.0 and earlier"},{"fix":"This status, combined with the 'abandoned' status, strongly advises against using this library for new projects or in production environments.","message":"The PyPI project for miscreant (version 0.3.0) is still classified with a 'Development Status :: 2 - Pre-Alpha'. This indicates that it was never considered stable or production-ready by its maintainers, even at its last release.","severity":"gotcha","affected_versions":"0.3.0 and earlier"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}