encryption with python

James Stroud jstroud at mbi.ucla.edu
Sat Sep 10 19:20:47 EDT 2005 

On Saturday 10 September 2005 15:02, Ron Adam wrote:
> Kirk Job Sluder wrote:
> I would think that any n digit random number not already in the data
> base would work for an id along with a randomly generated password that
> the student can change if they want.  The service provider has full
> access to the data with their own set of id's and passwords, so in the
> case of a lost id, they can just look it up using the customers name
> and/or ssn, or whatever they decide is appropriate. In the case of a
> lost password, they can reset it and get another randomly generated
> password.
>
> Or am I missing something?

Yes and no. Yes, you are theoretically correct. No, I don't think you have the 
OP's original needs in mind (though I am mostly guessing here).  The OP was 
obviously a TA who needed to assign students a number so that they could 
"anonymously" check their publicly posted grades and also so that he could do 
some internal record keeping. 


But, I'm thinking no one remembers college here anymore. 

When I was in college (and when I TA'd) security was kind of flimsy. TAs kept 
all records of SS#s, etc. (etc. includes birthdays here) in a gradebook (or 
the rich ones kept them on a 5 1/4" floppy). Grades were reported publicly by 
full SS#s, usually on a centralized cork-board. That was back in the 
good-ole-days, before financial fraud was euphemised to "identity theft".

When I TA'd several years later, grades were reported by the last n digits of 
the SS#. Some very security conscious TAs--or was it just me? I think it was 
just me--solicited pass phrases from each student and grades were reported 
based on the student generated pass phrase--and not on SS# or the like. These 
phrases usually came in the form of "Buffs1" or "Kitty1979" (the latter 
possibly revealing some information about a birthday, perhaps?). Some 
students didn't submit pass phrases, for whatever reason. I think I did the 
less convenient of the two most reasonable options, which was to withold 
reporting the grade to the student until they gave me a phrase. The other 
option was to use a default pass phrase of the last n digits of the SS#.

The idea of combining ID information and encrypting it to create another ID is 
a quantum leap beyond the primitive "last n digits of the SS#". Does it beat, 
in theoretical terms, assigning random numbers? No. And it certainly doesn't 
beat, in theoretical terms, my improved one-time-pad protocol (see my 
previous email). I challenge even the most capable cryptographer to beat my 
improved one-time-pad protocol for security (Oh wait, here it is: 1. Destroy 
Data.) But it is convenient, especially if you discard the original 
identifying information and store just the hashes. And as far as collisions 
go, even if a class of 10,000 gives a 1% chance of collision, who is going to 
TA a class of 10,000 students. If you can promise that kind of enrolment for 
any department, much less any single class, there is a job in an Economics 
department waiting for you out there, my friend.

So what would be the alternative to ID information generated IDs? Have a 3xDES 
encrypted database with the SS# and birthday stored as plain-text? Better 
keep the encryption protocol secret! Oops. Screwed up already. I figured out 
the encryption protocol: Encrypt database with 3xDES using a secret key. 
Dang, security through obscurity. All they have to do is to get that secret 
key and all those records are easily readable.

The point is that *something has to be kept secret* for encryption security to 
work. Theoretically best would be a passphrase, or a passphrase to a really 
big key. So, perhaps we could modify the algorithm from a few messages back, 
in order to address the (assumed) *practical* considerations of the OP's 
original query:

import sha
def encrypt(x,y, password):
    def _dosha(v): return sha.new(str(v)+str(password)).hexdigest()
    return int(_dosha(_dosha(x)+_dosha(y))[5:13],16)

So now what is the criticism? That its still a "secret algorithm" because the 
password is "secret"?

James


-- 
James Stroud
UCLA-DOE Institute for Genomics and Proteomics
Box 951570
Los Angeles, CA 90095

http://www.jamesstroud.com/

More information about the Python-list mailing list