rotor alternative?

Dave Brueck dave at pythonapocrypha.com
Wed Nov 19 11:09:54 EST 2003


Peter Hansen wrote:
> "John J. Lee" wrote:
> >
> > "Dave Brueck" <dave at pythonapocrypha.com> writes:
> >
> > > Robin wrote:
> > > > It seems that the rotor module is being deprecated in 2.3, but there
> > > > doesn't seem to be an obvious alternative. I'm using it just for
> > [...Dave has switched to AES]
> > > Since I'm not going to great lengths to hide the key, it works out to be
> > > about the same strength of encryption as rotor. ;-)
> >
> > Quite.  I don't understand why it's deprecated.  We've known since the
> > fifties that the algorithm is broken, so wasn't it clear from the
> > start that this was for obfuscation, not strong encryption?  Shouldn't
> > we just add a warning to the docs (if there's not one there already)??
>
> If it's really for obfuscation, wouldn't a simpler algorithm be
> sufficient, such as "XOR each byte with 0x5A" or something like that?
>
> If the answer is "no, that's too easy to break", then it's not really
> just for obfuscation, is it?

I understand what you mean, but obfuscation _is_ a form of encryption, just one
that's understood to be on the weak side (so the above may be considered "too
weak"). Rather than being _either_ obfuscation _or_ encryption, they really are
just different points on a broad data protection spectrum.

Rotor was nice because for very little cost in terms of CPU / coding nuisance
you could protect semi-sensitive data from nearly everyone. Sure, its
strength-per-bit-of-key-size doesn't stack up well against more modern
algorithms, but for the vast majority of users (including myself) data
encrypted with rotor or AES is, for all practical purposes, equally
untouchable. As a built-in data obfuscator, rotor filled about 99% of my
"security" needs.

Hmmm... the more I think about it I guess the root cause of the problem is the
archaic, goofy encryption export laws of the U.S. If Python could ship with
AES or 3DES I'd use that, but right now adding an external encryption
package just to tell casual snoopers, "it's not worth your time to crack this
file - keep moving" seems so over the top.

-Dave





