Simple encryption proposal. Comments ?

[Lulu of the Lotus-Eaters]

"Thomas Weholt" <2002 at weholt.org> wrote previously:
|I've come up with a very simple One-Time-Pad encryption scheme
|import string, whrandom, cPickle, os
                ^^^^^^^^
This rules out a OTP.  A one-time pad, by definition, is an encryption
against a true random key or the same length as the plaintext.  The
module whrandom produces a pseudo-random stream.  In particular,
whrandom is good enough for pretty good statistical distributions, but
does not have neary the entropic properties you need for cryptographic
applications.

Take a look at a famous remark from Schneier (I think from the first few
pages of _Applied Cryptography_, but I haven't pulled it out):  "There
is encryption that will keep your kid sister from reading your
documents, and then there is encryption that will keep large
corporations and government agencies from reading your document."  A
letter transposition against a non-cryptographic pseudo-random stream
will definitely keep your kid sister from breaking you encryption
(unless she happens to be a mathematical cryptographer :-)).

That said, the described technique is probably OK for the things that
rotor would be better for.  Or you could use mxCrypto/amkCrypto for
serious purposes.

Yours, Lulu...

--
Keeping medicines from the bloodstreams of the sick; food from the bellies
of the hungry; books from the hands of the uneducated; technology from the
underdeveloped; and putting advocates of freedom in prisons.  Intellectual
property is to the 21st century what the slave trade was to the 16th.