Best Encryption for Python Client/Server
Robert Kern
rkern at ucsd.edu
Tue Sep 20 12:42:09 EDT 2005
Ed Hotchkiss wrote:
> No worries, I apologize for my outburst. I will check out the viability
> of using an SSH module, or using pyCrypto or something to encrypt the data.
>
> Here's my mission: simple P2P class with encryption of whatever type of
> file is being sent, and authentication via encrypted user name/password.
> So any type of file or login being sent over the net, any communication
> between the scripts should be encrypted, regardless of whether it is
> client/server communication, or file transfer.
>
> Now that I've finally stated what I want to do (sorry) Is SSH a good
> option, or just using sockets with pycrypto? Thanks in advance.
As I've said before, authoring new security protocols yourself is rarely
a good idea. You *will* get it wrong even if you get the actual
encryption parts right. SSH has implemented a good security model, and
piggybacking on that is preferable to writing your own authentication
protocol. With SSH, you have two clear options, use the SCP protocol
(Secure CoPy) or doing your own file transfers through an
SSH-established and -authenticated tunnel (google:stunnel). A Python
implementation of SSH is provided by the package Paramiko.
Good luck.
--
Robert Kern
rkern at ucsd.edu
"In the fields of hell where the grass grows high
Are the graves of dreams allowed to die."
-- Richard Harter
More information about the Python-list
mailing list