Path: csiph.com!usenet.pasdenom.info!news.redatomik.org!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.003 X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'subject:Python': 0.05; 'context': 0.05; 'key.': 0.07; 'matches': 0.07; 'attack.': 0.09; 'cipher': 0.09; 'filesystem': 0.09; 'it;': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'substitution': 0.09; 'assume': 0.11; '(data': 0.16; '10:00': 0.16; 'ciphers': 0.16; "computer's": 0.16; 'computes': 0.16; 'encryption': 0.16; 'file;': 0.16; 'guessing': 0.16; 'inserting': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'record,': 0.16; 'writes.': 0.16; 'wrote:': 0.16; 'refers': 0.18; 'preferred': 0.20; 'work,': 0.21; 'am,': 0.23; 'posted': 0.23; '2015': 0.23; 'insert': 0.23; 'normally': 0.23; 'file.': 0.24; 'header:In-Reply-To:1': 0.24; 'header:User-Agent:1': 0.26; 'header:X-Complaints-To:1': 0.26; "doesn't": 0.28; "i'm": 0.29; 'record': 0.29; 'end,': 0.29; 'hash': 0.29; 'periodic': 0.29; 'weak': 0.29; 'regardless': 0.31; 'computer.': 0.32; 'generally': 0.32; 'link.': 0.32; "d'aprano": 0.33; 'received:comcast.net': 0.33; 'steven': 0.33; 'file': 0.34; 'that,': 0.34; 'to:addr:python-list': 0.35; 'functions.': 0.35; 'something': 0.35; 'comment': 0.35; 'but': 0.36; 'there': 0.36; 'possible': 0.36; 'quite': 0.37; 'client': 0.37; 'subject:: ': 0.37; 'one,': 0.37; "won't": 0.38; 'tue,': 0.38; 'received:org': 0.38; 'files': 0.38; 'end': 0.39; 'means': 0.39; 'pm,': 0.39; 'application': 0.39; 'does': 0.39; 'to:addr:python.org': 0.39; 'data': 0.40; 'sure': 0.40; 'why': 0.40; 'easy': 0.60; 'your': 0.60; 'back': 0.61; 'grab': 0.61; 'making': 0.64; 'charset:windows-1252': 0.65; 'here': 0.66; 'encrypted': 0.66; 'subject:Data': 0.66; 'records': 0.70; 'smith': 0.76; 'you:': 0.79; 'malicious': 0.84; 'me;': 0.84; 'mind:': 0.84; 'receiver': 0.84; 'resistant': 0.84; 'checks.': 0.91; 'leak': 0.91; 'spoke': 0.91; 'suffer': 0.93 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Randall Smith Subject: Re: Pure Python Data Mangling or Encrypting Date: Tue, 30 Jun 2015 12:39:30 -0500 References: <558b7e85$0$1648$c3e8da3$5496439d@news.astraweb.com> <558bc912$0$2899$c3e8da3$76491128@news.astraweb.com> <558c1a7e$0$1668$c3e8da3$5496439d@news.astraweb.com> <558d86b0$0$1659$c3e8da3$5496439d@news.astraweb.com> <558ef059$0$1673$c3e8da3$5496439d@news.astraweb.com> <5592065e$0$1675$c3e8da3$5496439d@news.astraweb.com> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: c-98-251-140-107.hsd1.ms.comcast.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 In-Reply-To: <5592065e$0$1675$c3e8da3$5496439d@news.astraweb.com> X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.20+ Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 61 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1435685990 news.xs4all.nl 2938 [2001:888:2000:d::a6]:34347 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:93343 On 06/29/2015 10:00 PM, Steven D'Aprano wrote: > On Tue, 30 Jun 2015 06:52 am, Randall Smith wrote: > >> Not sure why you posted the link. The crc32 checksum is just to check >> for possible filesystem corruption. The system does periodic data >> corruption checks. BTRFS uses crc32 checksums also. Please explain. > > The file system can trust that anything writing to a file is allowed to > write to it, in doesn't have to defend against malicious writes. As I > understand it, your application does. > > Here is the attack scenario I have in mind: > > - you write a file to my computer, and neglect to encrypt it; > - and record the checksum for later; > - I insert malware into your file; > - you retrieve the file from me; > - if the checksum matches what you have on record, you accept the file; > - since you are using CRC, it is quite easy for me to ensure the > checksums match after inserting malware; > - and I have now successfully injected malware into your computer. > > I'm making an assumption here -- I assume that the sender records a checksum > for uploaded files so that when they get something back again they can tell > whether or not it is the same content they uploaded. Yes. The client software computes sha256 checksums. > > * * * > > By the way, regarding the use of a substitution cipher, I spoke to the > crypto guy at work, and "preimage attack" is not quite the right > terminology, since that's normally used in the context of hash functions. > It's almost a "known ciphertext attack", but not quite, since that > terminology refers to guessing the key from the ciphertext. > > I was wrong: cryptographically strong ciphers are generally NOT resistant to > what I described as a preimage attack. If the key leaks, using AES won't > save you: an attacker with access to the key can produce a ciphertext that > decrypts to the malware of his choice, regardless of whether you use > AES-256 or rot-13. There may be other encryption methods which don't suffer > from that, but he doesn't know of them off the top of his head. > > His comment was, "don't leak the key". I'm pretty sure all encryption hinges on guarding the key. > > The other threat I mentioned is that the receiver will read the content of > the file. For that, a strong cipher is much to be preferred over a weak > one, and it needs to be encrypted by the sending end, not the receiving > end. (If the receiving end does it, it has to keep the key so it can > decrypt before sending back, which means the computer's owner can just grab > the key and read the files.) > And again, that's why the client (data owner) uses AES.