Simple encryption proposal. Comments ?

Thomas Weholt 2002 at weholt.org
Tue Dec 31 08:44:42 EST 2002 

Eh ... after numerous replies I understand that a more appropriate title
would have been "Simple obfuscation proposal" or something, perhaps with the
word VERY in front of it, in bold, -- with stars around it. People working
with encryption seem to take this extremly serious judging from some of the
strong reactions I've got to my posting. A good thing in times when
government all around the world are hysterical and want to have us all under
surveilance. Let's put my attempt in Bruce Schneiers "safe from your kid
sister"-category. It makes it a bit harder to read my HTTP-cookies than
using just base64. That was my goal.

I asked for comments and c.l.p gave me enlightenment and proposed
alternative solutions once again. Thanks. :-)

Best regards,
Thomas

"Anthony Baxter" <anthony at interlink.com.au> wrote in message
news:mailman.1041312486.8095.python-list at python.org...
>
> >>> "Thomas Weholt" wrote
> > I've come up with a very simple One-Time-Pad encryption scheme, inspired
by
> > the book "Applied Cryptography" by Bruce Schneier, page 15, Chapter 1.
>
> Perhaps you should read Applied Cryptography more closely. You're not
> creating a one-time-pad here.
>
> >     def generatePad(self):
> >         self.pad_in = {}
> >         self.pad_out = {}
> >
> >         while self.UPPER:
> >             c = self.UPPER.pop()
> >             d = self.LOWER[whrandom.randint(0, len(self.LOWER)-1)]
> >             self.LOWER.remove(d)
> >             self.pad_in[c.lower()] = d
> >             self.pad_out[d] = c.lower()
>
> I've only got the first edition here at home with me, but, from the
> bottom of page 14, continuing on to page 15:
>
>     The caveat, and this is a big one, is that the key letters have to be
>   generated randomly. [ snip ]
>     Using a pseudo-random number generator doesn't count.
>     ----- - ------------- ------ --------- ------- -----
>
> If you read Bruce's monthly 'Crypto-Gram' newsletter, most months he'll
> have a 'Doghouse' section, with bogus crypto products. A suprising number
> or them are bogus not-really-a-one-time-pad.
>
> You're not even trying to generate a decent random seed, for god's sake!
>
> This isn't a one-time pad. If you use this in an application where you
> care about the security (and, conversely, someone else cares about
> breaking the security) you're a danger to yourself and a hazard to others.
:)
>
> Anthony
>

More information about the Python-list mailing list