Path: csiph.com!usenet.pasdenom.info!news.redatomik.org!newsfeed.xs4all.nl!newsfeed7.news.xs4all.nl!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <python-python-list@m.gmane.org>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.002
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'subject:Python': 0.05; 'backwards': 0.09; 'base64': 0.09; 'extension.': 0.09; 'likely.': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'skipping': 0.09; 'underlying': 0.09; 'worse': 0.09; 'def': 0.14; '(there': 0.16; 'disk.': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'wrote:': 0.16; 'translation': 0.16; 'runs': 0.18; 'first,': 0.20; 'machine': 0.21; 'am,': 0.23; 'bit': 0.23; 'header:In-Reply-To:1': 0.24; 'header:User-Agent:1': 0.26; 'header:X-Complaints-To:1': 0.26; "doesn't": 0.28; "i'm": 0.29; 'looks': 0.29; 'appending': 0.29; 'periodic': 0.29; 'putting': 0.31; "i'd": 0.31; 'skip:d 20': 0.32; 'table': 0.32; 'received:comcast.net': 0.33; 'case,': 0.34; 'file': 0.34; 'add': 0.34; 'could': 0.35; 'to:addr:python-list': 0.35; 'newer': 0.35; 'skip:d 30': 0.35; 'something': 0.35; 'but': 0.36; 'there': 0.36; 'subject:: ': 0.37; 'received:org': 0.38; 'to:addr:python.org': 0.39; 'seem': 0.39; 'sure': 0.40; 'why': 0.40; 'some': 0.40; 'personally': 0.61; 'land': 0.63; 'charset:windows-1252': 0.65; 'subject:Data': 0.66; 'integrity': 0.76; 'smith': 0.76; 'safety.': 0.84; 'checks.': 0.91; 'imagine': 0.96
X-Injected-Via-Gmane: http://gmane.org/
To: python-list@python.org
From: Randall Smith <randall@tnr.cc>
Subject: Re: Pure Python Data Mangling or Encrypting
Date: Mon, 29 Jun 2015 15:46:36 -0500
References: <mmcagn$aa5$1@ger.gmane.org> <q67loadve6lsrh672u47omr04tvqttt6jd@4ax.com> <mailman.29.1435170987.3674.python-list@python.org> <558b7e85$0$1648$c3e8da3$5496439d@news.astraweb.com> <mailman.42.1435206516.3674.python-list@python.org> <558bc912$0$2899$c3e8da3$76491128@news.astraweb.com> <slrnmonkip.1nu.jon+usenet@frosty.unequivocal.co.uk> <558c1a7e$0$1668$c3e8da3$5496439d@news.astraweb.com> <slrnmoo7ev.1nu.jon+usenet@frosty.unequivocal.co.uk> <CAPTjJmqOzLTv9cFFKjV-BLtaFZhEZ4B870ALqNMmanCEN-VqXA@mail.gmail.com> <mailman.89.1435280528.3674.python-list@python.org> <558d86b0$0$1659$c3e8da3$5496439d@news.astraweb.com> <mmkbij$dpm$1@ger.gmane.org> <CAPTjJmon4abegr01-+mo5aLML+gA3wnR_+_kTTU7gGuCn=xrDA@mail.gmail.com> <mailman.141.1435424948.3674.python-list@python.org> <slrnmp00qf.1nu.jon+usenet@frosty.unequivocal.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Gmane-NNTP-Posting-Host: c-98-251-140-107.hsd1.ms.comcast.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
In-Reply-To: <slrnmp00qf.1nu.jon+usenet@frosty.unequivocal.co.uk>
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.170.1435610818.3674.python-list@python.org>
Lines: 40
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1435610818 news.xs4all.nl 2948 [2001:888:2000:d::a6]:45586
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:93293

On 06/28/2015 09:21 AM, Jon Ribbens wrote:
> On 2015-06-27, Randall Smith <randall@tnr.cc> wrote:
>> Thankyou.  Nice points. I do think given the risks (there are always
>> risks) discussed, a successful attack of this nature is not very likely.
>>    Worse case, something that looks like this would land on the disk.
>>
>> crc32 checksum + translation table + malware
>>
>> with a generated base64 name and no extension.
>
> I'm not sure why you're bothering with the checksum, it doesn't seem
> to me that it buys you anything. Personally I'd do something like
> this (pseudocode):


Same reason newer filesystems like BTRFS use checkusms (BTRFS uses 
CRC32).  The storage machine runs periodic file integrity checks.  It 
has no control over the underlying filesystem.


>
>    def obfuscate(data):
>        encode_key = list(range(256))
>        random.shuffle(encode_key)
>        encode_key = bytes(encode_key)
>        decode_key = bytes(encode_key.index(i) for i in range(256))
>        return decode_key + data.translate(encode_key) + decode_key
>
>    def deobfuscate(data):
>        return data[256:-256].translate(data[:256])
>
> The reason for appending the key as well as prepending it is that some
> anti-virus or malware scanners may well look at the last part of the
> file first, so putting something entirely locally-generated there may
> add a bit of safety. You could also simply pad with nulls or something
> of course, but again I can imagine some tools skipping backwards past
> nulls.
>