Path: csiph.com!usenet.pasdenom.info!news.redatomik.org!newsfeed.xs4all.nl!newsfeed7.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <jeanpierreda@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.005
X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'subject:Python': 0.05; 'key.': 0.07; 'bytes,': 0.09; 'cipher': 0.09; 'craft': 0.09; 'substitution': 0.09; 'cc:addr:python-list': 0.10; '(but': 0.15; 'thu,': 0.15; 'ciphers': 0.16; 'cleartext': 0.16; 'different,': 0.16; 'executed,': 0.16; 'symmetric': 0.16; 'wrote:': 0.16; 'bytes': 0.18; 'input': 0.18; '>>>': 0.20; 'cc:2**0': 0.21; 'cc:addr:python.org': 0.21; 'produces': 0.22; 'suppose': 0.22; 'am,': 0.23; 'bit': 0.23; '2015': 0.23; 'unlike': 0.23; 'header :In-Reply-To:1': 0.24; 'chris': 0.26; 'message- id:@mail.gmail.com': 0.28; "doesn't": 0.28; "i'm": 0.29; 'key,': 0.29; 'pile': 0.29; 'that.': 0.30; 'maybe': 0.31; "can't": 0.32; 'anyone': 0.32; 'getting': 0.33; 'point': 0.33; 'though.': 0.33; 'file': 0.34; 'received:google.com': 0.34; 'that,': 0.34; 'wrong': 0.35; 'could': 0.35; 'propose': 0.35; 'something': 0.35; "isn't": 0.35; 'but': 0.36; 'being': 0.36; 'should': 0.37; 'subject:: ': 0.37; 'desired': 0.37; 'starting': 0.38; 'someone': 0.38; 'pm,': 0.39; 'submit': 0.39; 'your': 0.60; 'back': 0.61; 'behavior': 0.61; 'is.': 0.63; 'safe': 0.63; 'encrypted': 0.66; 'subject:Data': 0.66; 'aiui': 0.84; 'one;': 0.84; 'stronger.': 0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=L7ni1/B64HKN39lU2RCyvv6yBhcCu8jBjZ7IvY+LjNU=; b=FUdBDi9bLvmADEQLbplwL0IKB46zCtU71y8aOA2xrtFpaFG9WqJDVWt8qrwW3BJQdy oTZsMgQ4sBwE4O4zVOvx5WBgxrq8xlhJ5A+xk5JDMxpSA2tuJm41YA4kc9ZaGs5vBBpB ROyln90xyvcqAV8bytpXNy7gezaI69XyOs9St4+sVFb84HFRLESQhLorRNTv42tcU3Ze neknVC+ZlE2wIywyMVDRRhXzebJaz6EI+N2yERJmwHVj2dPhEDqZIXa3U8YUemqu6SF3 /Xs3HMid2GZOoVOIVFBc6bktS7Sz1PKRGMlIAaCbW/6dUyrQ9FGda0cEe0HUg3x9fnWY cnKQ==
X-Received: by 10.194.172.130 with SMTP id bc2mr68776892wjc.85.1435227545629; Thu, 25 Jun 2015 03:19:05 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <CAPTjJmp242O_U+=JvP_qMY_zSO+FHMp3kb=Sg2G-QWgFjY_Gxw@mail.gmail.com>
References: <mmcagn$aa5$1@ger.gmane.org> <q67loadve6lsrh672u47omr04tvqttt6jd@4ax.com> <mailman.29.1435170987.3674.python-list@python.org> <558b7e85$0$1648$c3e8da3$5496439d@news.astraweb.com> <mailman.42.1435206516.3674.python-list@python.org> <558bc912$0$2899$c3e8da3$76491128@news.astraweb.com> <CABicbJ+sgkp4WZOMUETDoU0GeGf8BzNtWiBSAtYaH7u7NaXOXA@mail.gmail.com> <CAPTjJmp242O_U+=JvP_qMY_zSO+FHMp3kb=Sg2G-QWgFjY_Gxw@mail.gmail.com>
From: Devin Jeanpierre <jeanpierreda@gmail.com>
Date: Thu, 25 Jun 2015 03:18:26 -0700
Subject: Re: Pure Python Data Mangling or Encrypting
To: Chris Angelico <rosuav@gmail.com>
Cc: "comp.lang.python" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.56.1435227547.3674.python-list@python.org>
Lines: 28
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1435227547 news.xs4all.nl 2934 [2001:888:2000:d::a6]:35952
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:93131

On Thu, Jun 25, 2015 at 2:57 AM, Chris Angelico <rosuav@gmail.com> wrote:
> On Thu, Jun 25, 2015 at 7:41 PM, Devin Jeanpierre
> <jeanpierreda@gmail.com> wrote:
>>> I know that the OP doesn't propose using ROT-13, but a classical
>>> substitution cipher isn't that much stronger.
>>
>> Yes, it is. It requires the attacker being able to see something about
>> the ciphertext, unlike ROT13. But it is reasonable to suppose that
>> maybe the attacker can trigger the file getting executed, at which
>> point maybe you can deduce from the behavior what the starting bytes
>> are...?
>>
>
> If a symmetric cipher is being used and the key is known, anyone can
> simply perform a decryption operation on the desired bytes, get back a
> pile of meaningless encrypted junk, and submit that. When it's
> encrypted with the same key, voila! The cleartext will reappear.
>
> Asymmetric ciphers are a bit different, though. AIUI you can't perform
> a decryption without the private key, whereas you can encrypt with
> only the public key. So you ought to be safe on that one; the only way
> someone could deliberately craft input that, when encrypted with your
> public key, produces a specific set of bytes, would be to brute-force
> it. (But I might be wrong on that. I'm no crypto expert.)

Yes, so it should be random.

-- Devin