Path: csiph.com!usenet.pasdenom.info!goblin1!goblin2!goblin.stu.neva.ru!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <jeanpierreda@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.055
X-Spam-Evidence: '*H*': 0.89; '*S*': 0.00; 'subject:Python': 0.05; 'pretend': 0.07; 'cc:addr:python-list': 0.10; 'encryption': 0.16; 'to:addr:pearwood.info': 0.16; "to:name:steven d'aprano": 0.16; 'wrote:': 0.16; 'cc:2**0': 0.21; 'cc:addr:python.org': 0.21; '2015': 0.23; 'header:In-Reply-To:1': 0.24; 'data,': 0.27; 'message-id:@mail.gmail.com': 0.28; 'optional.': 0.29; 'no,': 0.29; 'fri,': 0.31; 'option': 0.31; "d'aprano": 0.33; 'steven': 0.33; 'another': 0.34; 'received:google.com': 0.34; 'could': 0.35; 'but': 0.36; 'except': 0.36; 'data.': 0.36; 'two': 0.37; 'turn': 0.37; 'subject:: ': 0.37; 'instead': 0.38; 'say': 0.38; 'pm,': 0.39; 'application': 0.39; 'data': 0.40; 'encrypted': 0.66; 'subject:Data': 0.66; '26,': 0.72; 'malicious': 0.84; 'receiver': 0.84; 'solved.': 0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=lyQNv+xC1azuwCn34xEVnC1NiOHleexprJD95rrB2RI=; b=Q/E6nF6n4h+1ZDFewF2rlG8OP8j2xdGMS2G/3Bwfl704wPSH2Y+5A6oE5Jmn51Teie zxGw/xYj9p6i5vb3d/QW35wtadM43lZwhsFBER9W7X91fw6AAIPD2KsIZLYl+gxBRH/u hHI8gMsUC6Zo4+0oNSN76Zql5yeWhKTcDnKVyf4uPibVRLH73rSRLwnUxCWX0JIOLxkB Nz6cSoZYXfz4rE26aNrpanArjJGd7Qs/Fojrny/kF1mITTdqpGFoISU0Iquk5w22Zr88 rXTBptHQoOKQj3t/o6ePe8GZB5V9QbaJLDQ1HmSXAz+XKEbDvq5H324Lh1P2S7I+Alzs Ds+Q==
X-Received: by 10.180.206.229 with SMTP id lr5mr2407956wic.86.1435377952484; Fri, 26 Jun 2015 21:05:52 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <558e1ac6$0$1675$c3e8da3$5496439d@news.astraweb.com>
References: <mmcagn$aa5$1@ger.gmane.org> <q67loadve6lsrh672u47omr04tvqttt6jd@4ax.com> <mailman.29.1435170987.3674.python-list@python.org> <558b7e85$0$1648$c3e8da3$5496439d@news.astraweb.com> <mailman.42.1435206516.3674.python-list@python.org> <558bc912$0$2899$c3e8da3$76491128@news.astraweb.com> <slrnmonkip.1nu.jon+usenet@frosty.unequivocal.co.uk> <558c1a7e$0$1668$c3e8da3$5496439d@news.astraweb.com> <slrnmoo7ev.1nu.jon+usenet@frosty.unequivocal.co.uk> <CAPTjJmqOzLTv9cFFKjV-BLtaFZhEZ4B870ALqNMmanCEN-VqXA@mail.gmail.com> <mailman.89.1435280528.3674.python-list@python.org> <558d86b0$0$1659$c3e8da3$5496439d@news.astraweb.com> <mailman.111.1435349412.3674.python-list@python.org> <558e1ac6$0$1675$c3e8da3$5496439d@news.astraweb.com>
From: Devin Jeanpierre <jeanpierreda@gmail.com>
Date: Fri, 26 Jun 2015 21:05:12 -0700
Subject: Re: Pure Python Data Mangling or Encrypting
To: "Steven D'Aprano" <steve@pearwood.info>
Cc: "comp.lang.python" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.119.1435377960.3674.python-list@python.org>
Lines: 12
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1435377960 news.xs4all.nl 2827 [2001:888:2000:d::a6]:33407
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:93218

On Fri, Jun 26, 2015 at 8:38 PM, Steven D'Aprano <steve@pearwood.info> wrote:
> Now you say that the application encrypts the data, except that the user can
> turn that option off.
>
> Just make the AES encryption mandatory, not optional. Then the user cannot
> upload unencrypted malicious data, and the receiver cannot read the data.
> That's two problems solved.

No, because another application could pretend to be the file-sending
application, but send unencrypted data instead of encrypted data.

-- Devin