rotor alternative?
John J. Lee
jjl at pobox.com
Sat Nov 22 18:57:13 EST 2003
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
[...]
> Rotor should never have been shipped with Python. If some application
[...]
Was it *really* intended as an encryption tool? I'm amazed. Hasn't
anyone on python-dev heard of Bletchley Park...??
> > However, if you're right in suspecting that anti-crypto legistlation
> > is always (or even usually) applied without exception or waiver even
> > to broken algorithms, then I agree it's pointless -- after all, AES
> > would serve just the same purpose!
>
> I'm going to have to catch up with the python-dev traffic about the
> legislation issue but I think it's silly to leave crypto out of the
> library because some regime somewhere doesn't permit its use. Apache
> 2.0 now ships with SSL by default, and I don't think its popularity or
> useability has been impaired.
Another point, of course (I say of course, but it only just occurred
to me ;-), is that you have to find the key in the first place (even
though it's sitting on your disk somewhere, in the scenario we were
discussing). I guess that's just an easy brute force search through
the appropriate disk files to find the key, but even so, probably
enough of a barrier to make it the "bottleneck of inconvenience",
hence to make rotor no better or worse than XOR as an obfuscation
tool.
John
More information about the Python-list
mailing list