Path: csiph.com!usenet.pasdenom.info!goblin1!goblin.stu.neva.ru!nntp.spacedump.net!usenetcore.com!newsfeed.xs4all.nl!newsfeed7.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.036 X-Spam-Evidence: '*H*': 0.93; '*S*': 0.00; 'subject:Python': 0.05; 'bytes.': 0.07; 'attack.': 0.09; 'nice!': 0.09; 'hypothetical': 0.16; 'reboot': 0.16; 'sequence:': 0.16; 'wrote:': 0.16; 'translation': 0.16; 'byte': 0.18; 'suggested': 0.20; 'suppose': 0.22; 'am,': 0.23; '2015': 0.23; 'sat,': 0.23; 'slightly': 0.23; 'header:In-Reply-To:1': 0.24; 'example': 0.25; 'chris': 0.26; 'possibility': 0.27; 'disk': 0.27; 'message-id:@mail.gmail.com': 0.28; "doesn't": 0.28; 'fri,': 0.31; 'table': 0.32; 'windows.': 0.33; 'received:google.com': 0.34; "i'll": 0.34; 'to:addr:python- list': 0.35; 'somebody': 0.35; 'but': 0.36; 'possible': 0.36; 'two': 0.37; "didn't": 0.37; 'subject:: ': 0.37; 'thought': 0.37; 'pm,': 0.39; 'expect': 0.39; 'to:addr:python.org': 0.39; 'where': 0.40; 'your': 0.60; 'back': 0.61; 'entire': 0.61; 'you.': 0.64; 'subject:Data': 0.66; '26,': 0.72; 'smith': 0.76; '(okay,': 0.84; 'malicious': 0.84; 'to:name:python': 0.84 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=RK+tnhNXPRUpAufSft4rtnpnkZWrlf6P5U7DSixCmJ0=; b=LXE3acpm/5XjkNOHk8kKCnDUSIi/Rx00lJfsSlvA2jmGe5S0EDrkTVdl6Hm0VqUR3e naarQEMous1z0Q2zETkNZDGuUpYMzC+bN0n9ostLKqEXkk6peP4ovo5EsY0kpjR/r6oo Sj9yAxX5oU3MFJclunQbNrhW6AbFfX5ZvEtX6P60ALSv6biDcmlUSo8A42Ea2K81Qene gDh9Gz1LartM22aOeoN6VHJlLCSAz1Bh49sqqNnvfkRTohgl/riKH6WhF02xjhe8Au0s wd3a71+04TnemLTHYCcVS52gO7dlO58Fdsk1uZ0bgrCWxeh7PO2401GQ+jvnq6BcPyF1 DirQ== X-Received: by 10.129.94.7 with SMTP id s7mr6634747ywb.111.1435384825406; Fri, 26 Jun 2015 23:00:25 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <558b7e85$0$1648$c3e8da3$5496439d@news.astraweb.com> <558bc912$0$2899$c3e8da3$76491128@news.astraweb.com> <558c1a7e$0$1668$c3e8da3$5496439d@news.astraweb.com> <558d86b0$0$1659$c3e8da3$5496439d@news.astraweb.com> From: Ian Kelly Date: Fri, 26 Jun 2015 23:59:45 -0600 Subject: Re: Pure Python Data Mangling or Encrypting To: Python Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.20+ Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 19 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1435384827 news.xs4all.nl 2951 [2001:888:2000:d::a6]:49046 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:93223 On Fri, Jun 26, 2015 at 7:21 PM, Chris Angelico wrote: > On Sat, Jun 27, 2015 at 6:09 AM, Randall Smith wrote: >> Give me one plausible scenario where an attacker can cause malware to hit >> the disk after bytearray.translate with a 256 byte translation table and >> I'll be thankful to you. > > The entire 256-byte translation table is significant ONLY if you need > all 256 possible bytes. Suppose I want to generate the following byte > sequence: > > "\xCD\x19" > > (Okay, this is a slightly oversimplified example, as this attack > doesn't work on a modern Windows. But back in the days of DOS, this > program would reboot your computer.) Nice! When I suggested the possibility of a two byte value malicious payload, I thought it an extreme example of the hypothetical attack. I didn't expect that somebody might actually produce one.