Encryption with Python?
Robert Kern
rkern at ucsd.edu
Sat May 7 05:11:23 EDT 2005
Anthra Norell wrote:
> I rolled my own for relatively short sequences, like passwords. The key is
> an integer. To decrypt use the negative encryption key. I consider the
> encryption unbreakable, as it is indistinguishable from a random sequence.
>
> Frederic
>
> ###
>
> def crypt (sequence, key):
> import random
> sign = (key > 0) * 2 - 1
> random.seed (abs (key * sign))
> s = ''
> for i in xrange (len (sequence)):
> r = random.randint (0, 255)
> s += chr ((ord (sequence [i]) + r * sign) % 256)
> return s
The mind boggles.
You do realize that if I have two ciphertexts encrypted with the same
key, I can subtract them? Then I have a sequence, that while not
immediately readable, is just a straightforward combination of the two
plaintexts without any encryption.
This function is also vulnerable to a chosen-plaintext attack. The
underlying PRNG is definitely not suitable for cryptographic
applications. The documentation even says so!
http://docs.python.org/lib/module-random.html
"However, being completely deterministic, it is not suitable for all
purposes, and is completely unsuitable for cryptographic purposes."
Do yourself a favor and don't try to roll your own cryptographic
functions. Do everyone else a favor and don't call something
"unbreakable" unless you actually have the domain expertise to make that
determination.
And do read _Practical Cryptography_.
--
Robert Kern
rkern at ucsd.edu
"In the fields of hell where the grass grows high
Are the graves of dreams allowed to die."
-- Richard Harter
More information about the Python-list
mailing list