Path: csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail
From: Christian Baier <chrbaier@gmx.de>
Newsgroups: de.comp.lang.python
Subject: [Python-de] Crypto mit Python2-Hausmitteln?.
Date: Sun, 30 Jun 2019 22:38:56 +0200
Lines: 78
Message-ID: <mailman.67.1561927138.29664.python-de@python.org>
References: <ca0c4c44-fc38-e80b-9e47-07e797ccc6ee@gmx.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Trace: news.uni-berlin.de rKk85nUzWMvC/kGREuuEBg3y5j/MRuuQ0CdGjK144YYQ==
Return-Path: <chrbaier@gmx.de>
X-Original-To: python-de@python.org
Delivered-To: python-de@mail.python.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1561927137; bh=rYd5d7PtPOn8oXI723eK81o4HIDkTHW1OzRl9xnJk+I=; h=X-UI-Sender-Class:To:From:Subject:Date; b=diN9T60rpuXX8akiPGJzLAC1sLnEMlpf6YMc8HH8oUB9wc4fmhoyuuncu62BKcduj OzgkCLj9q3g7/6Jpoalvf5+44MsuZMRDFjfVb2lllotrFLuFJhzOZIok6OPpxA2HHY +nKhjsto+Uw5u28b8YExaNHCjM6882lFhuanXx2c=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Thunderbird/60.7.1
Content-Language: de-DE
X-Provags-ID: V03:K1:5zdBID15Zxqt22eqchAhopgncC3S5Eriy6XiLJMI8z2+4JMu9yO qY8cQPsodmxpwTRSynzVif2syttnq3r91NzG3t9wxaTCXthsrmUc4hm4OLDx03gx8esNrk0 fAMxr4fM5nzNpqqhJ8qrR7rrx++T0IWLTJBz0as7BTQKe313PPLTPwz39Kk5Wb4TAD48WHl ZEu8Buj+CpAR4/5q7A2Tw==
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:FCFLBe2g7tI=:7x4PbmXlOT7//7thT0ISn6 qrpAzrQAm30smIfYLmV65XJeJESWqXvlNt8ERS+mzPveqNDOwbSO7SDOYhEWwlpbg/rqkTiCV ZA95gRiIZXscf8sCqTOdnKNha8LhZvjy8gkD4GRYlcnoP06w7cq+pdZvOmHeJzAGnW737t7qK jWyeNuWEDY77ZZtsTPEP6J5Z2fQCISWLSnzZ9clV7d+ySuoiVMbXYWp5kQNPFfu//SkKn2W2p YBZa4t3xWA6vi6XPqGZYly54/YJf+FkMB30cWOgSq/VJeJVVAxDRb57qC3Nrv6P2nB5tAWkFA Ob+9ZuYClfKJT31AEoVqX1XjSRlh11vpEbPgHDaSnyOuiRYUol3i2gEbl5YN6o1MRy8cLTqhD Nexx4VW0tVz7OlogcRKKhQ5Byw7RunAZbjiCeX3SRcHhm0QSS/0YpIAHr/q7EM1a+XEH60ql9 TR8Z/TKkkpu4ljN12WPVaDcuiNyDtqWGpoku9ynWR4SCZe2QQHckFw/FvIX6wQ+nl55wnVuV5 t0cULdfE/jUxfhYYX5Sf7pYLskkBhXSFkKBY/Cb9/vtVNOkYKKvxhSvNymeic/WvJ2T5xFmcG m4JL1PcpEPXj4X2IN084lpu32210ECvEwGS97tj9wGXYX2SAMvhQJroSWpnIEMqTHFeufkdXC N4jY08p5f5dd5WIayRWSq33uWQ/Xry5sQIl0c/4eP82Jhb5iANjLA9Tdbfb8A1Pbcv5cCrST2 WYLfRecQt7gyeY2T1pPwBHp1Ro58ECPqlkq1fZ6BNF0I3JEYPah4vky7sd/qZl9y+F+qFLwHC fbXQUMqlozZm61bqNHeo+cijhv7nDI3Hx7kZEX0tgKINoMyyOSWHr/GpGOrwm6ESrLbcnvYuw YBRaY8hbwnbEETiaXayO7ekNE0ow6YappsYW/Pko5BVSv5L7EnSz/n6b8T32BlBea5nIYmDOS iGnMDZ6HWaAsyFhrWBXxMRfIVkljCApVDOAtM6K0gVtqOC95btlFshYkKEmxcJDzoyIDyrrt0 Ceu3yHxX+Zx0CcM536ot7W6DLmZ6m7a7I3NOVp4EtLyqC0xpg4d1oGncJVEfzNecoUq7hH3BP /GXQvN4a1jD57A2Roemh4yeY/LeGSlPCtKy
X-BeenThere: python-de@python.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Die Deutsche Python Mailingliste <python-de.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-de>, <mailto:python-de-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-de/>
List-Post: <mailto:python-de@python.org>
List-Help: <mailto:python-de-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-de>, <mailto:python-de-request@python.org?subject=subscribe>
X-Mailman-Original-Message-ID: <ca0c4c44-fc38-e80b-9e47-07e797ccc6ee@gmx.de>
Xref: csiph.com de.comp.lang.python:5521

Hi,

gibt es hier Cryptoexperten?

Ich habe da einen Rechner, auf dem ich einen Passwortmanager f=C3=BCr
(vorgegebene!) Passw=C3=B6rter brauchen k=C3=B6nnte, aber keine fremde Sof=
tware
ausf=C3=BChren darf, au=C3=9Fer Python2.7-Scripte.

Und ich frage mich gerade: Ist das wirklich schon alles was ich brauche,
oder habe ich einen Denkfehler?:

=2D--8<---
#!/usr/bin/python2
import hashlib, getpass

#dictionary pl mit { "Dienstname" : "crypted Text" }:
pl =3D {
         'test': 'M\xa2X\xdeU-y(\\\xad\xc8YV\x1d\x18\x9d',
         'Geheimnis': '>\xcdvA\t\x9c\x82\xb3\xd9\xd8eI\x1amh\xde',

       }

def xor(data, service, masterpassword ):
     salt =3D ( "g\x9b#\xaeG\xffM\x1a\xa3\t&;\xdb\xbe\xcd6\x04X"
            + "\xa9z\x03\x86\xb7K\xff\xa1\xd7uR`\xa1\x16\xc5"
            + "\x91\x02\xa7y;f\x9b\x19%\x86\xea" )
     initstr =3D service + salt + masterpassword
     # zum verlangsamen: * 1000000
     h =3D hashlib.sha512( initstr * 1000000 )
     key =3D h.digest()
     # Passwortlaenge verschleiern, mind. 16
     data =3D data + " " * ( 16 - len( data ) )
     while len( data ) > len( key ):
         h.update( initstr )
         key +=3D h.digest()
     return "".join( [ chr( ord( chardata ) ^ ord( charkey ) ) for (
chardata, charkey ) in zip( data, key ) ] )

if __name__ =3D=3D '__main__':
     masterpassword =3D ""
     while len( masterpassword ) < 8:
         masterpassword =3D getpass.getpass( """Geben Sie das
Master-Passwort ein: """ )
     print( "\nGespeicherte Dienste:\n" )
     for service in sorted( pl ):
         print( service )

     checked =3D False
     while True:
         service =3D raw_input("\nDienst:")
         cryptedpassword =3D pl.get( service, None )
         if cryptedpassword:
             print( xor( cryptedpassword, service, masterpassword ) )
         else:
             print( """\nDienst noch unbekannt. Bitte 2 x das zu
chiffrierende Passwort eingeben.""" )
             newpassword =3D "********"
             passw_check =3D "--------"
             while passw_check !=3D newpassword:
                 newpassword =3D passw_check
                 passw_check =3D getpass.getpass( "Neues Passwort:" )
             if checked or masterpassword =3D=3D getpass.getpass( """Geben
Sie noch mal das Master-Passwort ein: """ ):
                 checked =3D True
                 print( """\nDictionary pl im Quelltext erweitern mit:\n
%s: %s,\n""" % ( repr( service ), repr( xor( newpassword, service,
masterpassword ) ) ) )

=2D-->8---

Habe hier ein schwaches Masterpasswort verwendet,
...falls jemand mein Geheimnis knacken m=C3=B6chte ;-)

Freue mich auf R=C3=BCckmeldungen!

Gru=C3=9F
Christian