Path: csiph.com!usenet.pasdenom.info!gegeweb.org!usenet-fr.net!nerim.net!novso.com!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.048 X-Spam-Evidence: '*H*': 0.90; '*S*': 0.00; 'debug': 0.07; 'modify': 0.07; 'tries': 0.07; '"if': 0.09; 'assuming': 0.09; 'exception.': 0.09; 'hour.': 0.09; 'indeed,': 0.09; 'executor': 0.16; 'finder.': 0.16; 'goal,': 0.16; 'hashes': 0.16; 'levels,': 0.16; 'password,': 0.16; 'saying.': 0.16; 'skip:h 80': 0.16; 'so.': 0.16; 'wrote:': 0.18; 'written': 0.21; 'code,': 0.22; 'header:User-Agent:1': 0.23; 'byte': 0.24; 'bytes': 0.24; 'own.': 0.24; 'question': 0.24; "i've": 0.25; 'source': 0.25; 'equivalent': 0.26; 'possibly': 0.26; 'header:In-Reply-To:1': 0.27; 'idea': 0.28; 'point': 0.28; 'chris': 0.29; 'feature': 0.29; "i'm": 0.30; 'gives': 0.31; 'code': 0.31; 'lines': 0.31; 'that.': 0.31; '(since': 0.31; '3.2': 0.31; 'embedding': 0.31; 'obscure': 0.31; 'safely': 0.31; 'second,': 0.31; 'figure': 0.32; 'says': 0.33; 'ago': 0.33; 'checking': 0.33; 'implemented': 0.33; 'could': 0.34; "can't": 0.35; 'something': 0.35; 'test': 0.35; 'but': 0.35; 'there': 0.35; 'version': 0.36; 'really': 0.36; 'described': 0.36; 'done,': 0.36; 'doing': 0.36; 'shows': 0.36; 'useful': 0.36; 'too': 0.37; 'two': 0.37; 'project': 0.37; 'being': 0.38; 'sometimes': 0.38; 'security,': 0.38; 'needed': 0.38; 'to:addr:python-list': 0.38; 'pm,': 0.38; 'bad': 0.39; 'to:addr:python.org': 0.39; 'according': 0.40; 'even': 0.60; 'read': 0.60; 'easy': 0.60; 'most': 0.60; 'full': 0.61; 'effective': 0.61; 'simply': 0.61; "you're": 0.61; 'first': 0.61; 'back': 0.62; 'such': 0.63; 'more': 0.64; 'different': 0.65; 'hours': 0.66; 'effective.': 0.68; 'received:74.208': 0.68; 'hour': 0.70; 'secure': 0.71; 'incoming': 0.72; 'subject:Hello': 0.72; 'million': 0.74; '100%': 0.77; '50%': 0.78; 'demanded': 0.84; 'scarily': 0.84; 'subject:World': 0.91 Date: Mon, 22 Dec 2014 14:57:11 -0500 From: Dave Angel User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: python-list@python.org Subject: Encryption - was Hello World References: <54957226$0$12975$c3e8da3$5496439d@news.astraweb.com> <54971df7$0$30820$b1db1813$ba2d9d20@news.astraweb.com> <54974ed7$0$12986$c3e8da3$5496439d@news.astraweb.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:DE5P78xjqJEYaTBgU0rGKRZf+wDp6olGJvaolNvYzat qKRb/njXQHGrLbFRKB4IZh1T7lacyCk1acH63zTzSLyC1fg290 MY4yGjhbZh62foLY5tXiRRo+iy3jPjWVqsh13VEHuWUa6CTleD Pi3qLT7c2bTmfllVnZgxhC1vAwqDzKUY0shsvUkfyVCw/AQBcI hYn8pPsvZUVVJFUurWQYWH5G96uGwI04JRuppyzBvWmKXmaVTE /cOfMrWvyFu9t1MTd4AETao1itowJHe8DLnhcN8SOCJ5qEdd3A mXIPku0zv3tRqxwX123c48p5Uh1ikW7NvGMIvn4deGkPUpXPNR mt/y3LIsK+2hFBhQrSIs= X-UI-Out-Filterresults: notjunk:1; X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 54 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1419278249 news.xs4all.nl 2898 [2001:888:2000:d::a6]:56626 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:82802 On 12/22/2014 12:25 PM, Chris Angelico wrote: > There's one exception. Writing your own crypto is a bad idea if that > means reimplementing AES... but if you want something that's effective > on completely different levels, sometimes it's best to write your own. > I had a project a while ago that needed some encryption work done, and > I implemented something that I described as "scarily effective". My > boss demanded that the debug code-execution feature be protected by a > password that would be strong even if someone could read the source > code, so I put together something that would hash the incoming > password, then check to see if the first two and last two bytes of the > hash were all the same byte value as the current hour-of-week (ranging > from 0 to 167). This is clearly more secure than simply embedding a > SHA256 hash in the source code, because you can't possibly > reverse-engineer it (since you don't even have the full hash). And > yes, this was 100% effective in convincing my boss that the code > executor was safely guarded. Since that was the goal, having several > lines of complex and opaque code was far better than a single line > that says "if hash(password)=='5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8': > do stuff", which is way too easy for someone to decode. > > And it was, indeed, scarily effective. That lasted for a long time, > and any time there was a question about security, I could just point > to that and say "See? Safe."... I figure I must be misunderstanding something in your explanation, since a brute-force password guesser would seem to only need four billion tries to (probably) crack that. 1) Are you assuming that the cracker can read the source code, but cannot modify the version of the code that is running? 2) Are you really doing something equivalent to: test = time_calc() - get a one-byte byte-string according to hour of the week encoded_pw = hash(password) if encoded_pw.startswith(test*2) and encoded_pw.endswith(test*2): ---passed--- I can understand that being sufficiently obscure for the pointy haired boss, but I figure I've got to be missing something. A quick test with 3.2 shows that around a million hashes can be generated per second, so checking four billion is only an hour or so. Since some of them will collide, that gives us something better than 50% likelihood of having found a useful pw in an hour. But a few more hours and we'll most likely have it. For that matter, you must have already written such a pw finder. I'm back to figuring I'm misunderstanding what you're saying. -- DaveA