Path: csiph.com!usenet.pasdenom.info!goblin2!goblin.stu.neva.ru!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.008 X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'broken': 0.03; 'subject:Python': 0.05; 'from:addr:yahoo.co.uk': 0.05; 'bits': 0.07; 'linear': 0.07; 'problem?': 0.07; 'encoding.': 0.09; 'fashion.': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'assume': 0.11; 'ignore': 0.14; "hasn't": 0.15; 'disk.': 0.16; 'margin': 0.16; 'opposite': 0.16; 'reason.': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'wrote:': 0.16; 'language': 0.19; '>>>': 0.20; 'trying': 0.22; 'assumes': 0.22; 'lawrence': 0.22; 'sends': 0.22; '2015': 0.23; "haven't": 0.24; 'header:In-Reply-To:1': 0.24; 'words': 0.24; 'header:User- Agent:1': 0.26; 'header:X-Complaints-To:1': 0.26; 'ago': 0.27; 'right.': 0.27; 'data,': 0.27; 'said,': 0.27; "doesn't": 0.28; 'remotely': 0.29; 'no,': 0.29; 'supposed': 0.31; 'ideal': 0.32; 'language.': 0.32; 'getting': 0.33; 'problem': 0.33; 'third': 0.33; "he's": 0.33; 'steven': 0.33; 'to:addr:python-list': 0.35; 'nothing.': 0.35; 'unknown': 0.35; 'but': 0.36; 'being': 0.36; 'too': 0.36; 'data.': 0.36; 'totally': 0.36; 'client': 0.37; 'subject:: ': 0.37; 'received:org': 0.38; 'doing': 0.38; 'end': 0.39; 'does': 0.39; 'to:addr:python.org': 0.39; 'seem': 0.39; 'data': 0.40; 'sure': 0.40; 'mark': 0.40; 'some': 0.40; 'even': 0.61; 'hope': 0.61; 'avoid': 0.61; "you've": 0.61; 'here.': 0.61; 'high': 0.62; 'gave': 0.63; 'safe': 0.63; 'course': 0.64; 'our': 0.64; 'sincerely': 0.65; 'charset:windows-1252': 0.65; 'here': 0.66; 'attention.': 0.66; 'subject:Data': 0.66; 'yourself': 0.73; 'smith': 0.76; 'amateur': 0.84; 'completely,': 0.84; 'pythonistas,': 0.84; 'ridiculously': 0.84; 'cryptography': 0.91; 'increases': 0.91; 'thing,': 0.93 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Mark Lawrence Subject: Re: Pure Python Data Mangling or Encrypting Date: Fri, 26 Jun 2015 22:55:11 +0100 References: <558b7e85$0$1648$c3e8da3$5496439d@news.astraweb.com> <558bc912$0$2899$c3e8da3$76491128@news.astraweb.com> <558c1a7e$0$1668$c3e8da3$5496439d@news.astraweb.com> <558d86b0$0$1659$c3e8da3$5496439d@news.astraweb.com> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: host-78-146-12-194.as13285.net User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 In-Reply-To: X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.20+ Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 51 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1435355733 news.xs4all.nl 2825 [2001:888:2000:d::a6]:49742 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:93208 On 26/06/2015 22:29, Jon Ribbens wrote: > On 2015-06-26, Johannes Bauer wrote: >> On 26.06.2015 22:09, Randall Smith wrote: >>> You've gone on a rampage about nothing. My original description said >>> the client was supposed to encrypt the data, but you want to assume the >>> opposite for some unknown reason. >> >> While you seem to think that Steven is rampaging about nothing, he does >> have a fair point: You consistently were vague about wheter you want to >> have encryption, authentication or obfuscation of data. This suggests >> that you may not be so sure yourself what it is you actually want. > > He hasn't been vague, you and Steven just haven't been paying > attention. > >> You always play around with the 256! which would be a ridiculously high >> security margin (1684 bits of security, woooo!). You totally ignore that >> the system can be broken in a linear fashion. > > No, it can't, because the attacker does not have access to the > ciphertext. > >> Nobody assumes you're a moron. But it's safe to assume that you're a >> crypto layman, because only laymen have no clue on how difficult it is >> to get cryptography even remotely right. > > Amateur crypto is indeed a bad idea. But what you're still not getting > is that what he's doing here *isn't crypto*. He's just trying to avoid > letting third parties write completely arbitrary data to the disk. You > know what would be a perfectly good solution to his problem? Base 64 > encoding. That would solve the issue pretty much completely, the only > reason it's not an ideal solution is that it of course increases the > size of the data. > >> That people in 2015 actually defend inventing a substitution-cipher >> "crypto"system sends literally shivers down my spine. > > Nobody is defending such a thing, you just haven't understood what > problem is being solved here. > To be perfectly blunt I gave up days ago trying to follow what was being said, just too many words from all angles and too few diagrams for me to follow. I sincerely hope it doesn't end in tears. -- My fellow Pythonistas, ask not what our language can do for you, ask what you can do for our language. Mark Lawrence