Encryption with Python?

Paul Rubin http
Mon May 9 18:59:44 EDT 2005 

"Anthra Norell" <anthra.norell at tiscalinet.ch> writes:
> I don't follow. There is no bitwise correlation between a plain-text
> character and its encoded equivalent. What's more, there is no detectable
> correlation at all. 

Your question was how could you tell if two ciphertexts were encrypted
with the same key.  Answer: suppose both plaintext are ascii strings.
Then both plaintexts have 0 as the top bit of every byte.  So do this:

   x = ciphertext1 xor ciphertext2

If ciphertext1 and ciphertext2 were encrypted with two different keys,
the top bit of x's bytes will be random-looking.  If ciphertext1 and
ciphertext2 were encrypted with the same key, the top bit of each of
x's bytes will be 0.  So just check whether the top bit of x is always
0.  If it is, then ciphertexts 1 and 2 were probably encrypted with
the same key.

> Password management is certainly a problem, but of course is totally
> unrelated to the quality of an encryption method.

You're ignoring your own question.  With a good encryption scheme,
finding out an old password doesn't tell you anything about new
messages.  With your encryption scheme, finding out an old password
leaks information about the new one.

> I agree. Depending on a situation, a solution might or might not be
> adequate.

Since good encryption schemes that don't have significant performance
penalties are widely available, why mess with a crap scheme EVER?  Why
use a solution that "might or might not be adequate" when you can use
one that's definitely ok?

> No, in fact I don't. I am quite confident that the library module 'random'
> produces random distributions.

The author of the algorithm doesn't agree with you.  The documentation
is very explicit, it's no good for cryptography, and if you study how
it works you can see that it's easily distinguishable from random.

> I don't think it would be difficult for a mathematician to prove or
> disprove the hypothesis.

It's true of a genuine random keystream, but that's not what we're
talking about.  We're talking about the output of python's random
module, which is not of cryptographic quality.  It's fine for
statistical simulations in that it doesn't have correlations that are
likely to accidentally cause trouble.  It's no good for defeating
adversaries who are looking for correlations on purpose.  Lots of
people don't understand the difference.  Please see the book "Security
Engineering" by Ross Anderson to get an idea of what you're up against.

> > Generating keystreams that are indistinguishable from random is an
> > extremely tricky subject, there are books and papers written about
> > it, etc.
> 
> I agree. I wouldn't know how to design a random generator. Fortunately I
> don't need to. I can use ready made ones.

There are good ready ones available, but the one you're proposing to
use is not one of them and was not designed to be.

> Try out the following function. You need the Image package.

That doesn't prove a thing.

More information about the Python-list mailing list