Path: csiph.com!eternal-september.org!feeder.eternal-september.org!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed7.news.xs4all.nl!nzpost1.xs4all.net!not-for-mail
Return-Path: <ian.g.kelly@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.101
X-Spam-Level: *
X-Spam-Evidence: '*H*': 0.80; '*S*': 0.00; 'subject:code': 0.07; 'subject:question': 0.08; 'cipher': 0.09; 'wed,': 0.15; 'alphabet': 0.16; 'lower,': 0.16; 'set,': 0.16; 'subject:Hiding': 0.16; 'wrote:': 0.16; '2015': 0.20; 'cycles': 0.22; 'bit': 0.23; 'written': 0.24; 'header:In-Reply-To:1': 0.24; "doesn't": 0.26; '+0000': 0.27; 'least': 0.27; 'message-id:@mail.gmail.com': 0.27; 'character': 0.29; 'point': 0.33; 'options': 0.33; 'case,': 0.34; 'add': 0.34; 'received:google.com': 0.35; 'set.': 0.35; 'unicode': 0.35; 'unknown': 0.35; 'but': 0.36; 'basic': 0.36; 'to:addr :python-list': 0.36; 'pm,': 0.36; 'subject:: ': 0.37; 'really': 0.37; 'method': 0.37; 'starting': 0.37; 'subject:from': 0.39; 'easily': 0.39; 'to:addr:python.org': 0.40; 'where': 0.40; 'still': 0.40; 'entire': 0.61; 'matter': 0.63; 'more': 0.63; 'great': 0.63; 'within': 0.64; 'fall': 0.66; 'frequency': 0.66; '(utc),': 0.84; 'only...': 0.84; 'to:name:python': 0.84; 'dennis': 0.91; 'from.': 0.93
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=sKtFEixxENuWToUHYExmI0IlhgPDAZOUX9L3FrKoTrQ=; b=Et68Rr9LesNGhjdqrYmk+Ar0ih1WIl0Hvq5hGcXVpGYJlb+k+zcX9qDwg0sdS6ugFN PKfaoyXntIASP8DyKvfEolpRBfdsLSgOEpvrlGvDTQ6JjCDnFMFneDQEGkamc2n7XbJm yvrvg7lkCG9wpciD8K3qkZtRHnGCxMP4TxRF6amsKdpQd//aKZ+Jbx6cqUkpb/28UM8t HziHSF222OL5kSwsniEXAD4IId+Kwua/ugiJP0XJAkmcwVX2ytfAIrVW9RC/2eyyrj+U Ldx1iwS+vYzlIozAEYTxkkN89dDY+cGQ8YqOzfYt2Tf5Y7f8ynU7GbDiPlD7KauhbMN2 7xXA==
X-Received: by 10.129.51.23 with SMTP id z23mr5470743ywz.198.1444315522719; Thu, 08 Oct 2015 07:45:22 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <pacb1b51ompc082r9378svm5eh9cvv2ekd@4ax.com>
References: <tp5fec-l15.ln1@esprimo.zbmc.eu> <mv35a3$v1k$1@speranza.aioe.org> <pacb1b51ompc082r9378svm5eh9cvv2ekd@4ax.com>
From: Ian Kelly <ian.g.kelly@gmail.com>
Date: Thu, 8 Oct 2015 08:44:43 -0600
Subject: Re: Hiding code from intruders, a different slant on an old question
To: Python <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.479.1444315530.28679.python-list@python.org>
Lines: 23
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1444315530 news.xs4all.nl 23823 [2001:888:2000:d::a6]:46647
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:97508

On Wed, Oct 7, 2015 at 6:01 PM, Dennis Lee Bieber <wlfraed@ix.netcom.com> wrote:
> On Wed, 7 Oct 2015 13:05:07 +0000 (UTC), alister
> <alister.nospam.ware@ntlworld.com> declaimed the following:
>
>
>>With a simple Cesar the method is "shift the alphabet by 'X' characters
>>and X is the key
>>
>>if the key is unknown then the attacker still has to brute force the
>>method (admittedly with only 25 options this is not difficult)
>
>         But who'd consider that with just one-case and alphabet only...
>
>         At the least include upper, lower, numbers, and basic punctuation --
> that will add a few more cycles of computation time to break <G>

It doesn't really matter how much you add; any Caesar cipher is going
to fall easily to just a little bit of frequency analysis. Consider an
extreme case, where the range of X is the size of the entire Unicode
character set. If the message is written in a Latin-based character
set, chances are good that the majority of the characters will fall
within a range of <96, giving the attacker a great starting point to
brute-force from.