TCP Server sitting behind a proxy

Will Stuyvesant hwlgw at hotmail.com
Sun Feb 16 06:38:00 EST 2003 

[Paul Rubin]
> hwlgw at hotmail.com (Will Stuyvesant) writes:
> > import pycrypt   # wishlist module
> > secret = 'mysecret'
> > encoded = pycrypt.encrypt('message', secret)
> > decoded = pycrypt.decrypt(encoded, secret)
> > assert( decoded == 'message')
> 
> See http://www.nightsong.com/phr/crypto/p2.py for this.  Remove the
> date check for your own installation.  I -really- have to put up a
> renamed version without the date check.

I tried to use p2.py.  But it produces weird characters...I need
something that produces characters that can be used as CGI parameter
values.  I also didn't quite understand if function _hash(...) has to
be called on every import (like it happens now in your module), maybe
that needs some documentation.

Even translating to a CGI-suitable variable set is not so easy, not to
say 'Orrible!

Beware of relying on the binascii module for encoding and decoding
stuff, it is not reliable across Python versions (my host forces me to
use Python 1.5.2):

Python 1.5.2:

C:\Program Files\Apache Group\Apache\cgi-bin>c:\usr\bin\python.exe
Python 1.5.2 (#0, Apr 13 1999, 10:51:12) [MSC 32 bit (Intel)] on win32
Copyright 1991-1995 Stichting Mathematisch Centrum, Amsterdam
>>> import binascii
>>> name = binascii.a2b_base64('xeTY====')
>>> name
'\305\344'

Python 2.2.2:

C:\Program Files\Apache Group\Apache\cgi-bin>python
Python 2.2.2 (#37, Oct 14 2002, 17:02:34) [MSC 32 bit (Intel)] on
win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import binascii
>>> name = binascii.a2b_base64('xeTY====')
>>> name
'\xc5\xe4\xd8'

Not only is the representation changed to hex, but also the 1.5.2
version *is missing a character*!

The base64 module has been "improved" to use binascii, since Python
1.4 or
so. 

I am still looking for a good way to encrypt binary data to characters
in the set string.letters, or maybe string.letters+string.digits.  I
need this for "secret" CGI parameters that must be send via CGI-GET,
in those parameters you can not have '=' or '&' or '?' in your encoded
string, and maybe other characters give problems too.  The encoding
itself doesn't have to be state-of-the-art, I'd be happy to use rotor
and would have quite a lot of fun if I see somebody breaking it.


-- 
anotherweekenddebugging

More information about the Python-list mailing list