rotor alternative?
John J. Lee
jjl at pobox.com
Thu Nov 20 08:17:31 EST 2003
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
> jjl at pobox.com (John J. Lee) writes:
> > Quite. I don't understand why it's deprecated. We've known since the
> > fifties that the algorithm is broken, so wasn't it clear from the
> > start that this was for obfuscation, not strong encryption? Shouldn't
> > we just add a warning to the docs (if there's not one there already)??
>
> No. Using weak cryptographic algorithms for obfuscation should itself
> be deprecated. If there's a need to obfuscate something, that means
> that somebody is trying to read it when you don't want them to, and
> the correct countermeasure is real encryption, not obfuscation.
First, not necessarily, if you're in a country that has legislation
controlling strong encryption (and yes, we know "that should be
fixed", but sadly we don't have that power ;-). Second, if you have
to have the key around anyway (true for some applications), it really
doesn't matter how secure the algorithm is.
Obfuscation is a perfectly sane thing to want to do, and rotor is just
a way of making reading data mildly more of a PITA than XOR. I don't
think even emacs has a decrypt-rotored-text function <0.5 wink>.
John
More information about the Python-list
mailing list