encryption with python
Ron Adam
rrr at ronadam.com
Sat Sep 10 20:51:25 EDT 2005
James Stroud wrote:
> On Saturday 10 September 2005 15:02, Ron Adam wrote:
>
>>Kirk Job Sluder wrote:
>>I would think that any n digit random number not already in the data
>>base would work for an id along with a randomly generated password that
>>the student can change if they want. The service provider has full
>>access to the data with their own set of id's and passwords, so in the
>>case of a lost id, they can just look it up using the customers name
>>and/or ssn, or whatever they decide is appropriate. In the case of a
>>lost password, they can reset it and get another randomly generated
>>password.
>>
>>Or am I missing something?
>
>
> Yes and no. Yes, you are theoretically correct. No, I don't think you have the
> OP's original needs in mind (though I am mostly guessing here). The OP was
> obviously a TA who needed to assign students a number so that they could
> "anonymously" check their publicly posted grades and also so that he could do
> some internal record keeping.
>
> But, I'm thinking no one remembers college here anymore.
Last semester I took, I was able to check my grades by logging into a
web page with my student ID and using a password. The password default
was my SSN, we could change it. In any case students have read only
access and are not able to change anything. Not a big deal and very
little personal information was visible. If any one would have bothered
to look they would have simply found out I had very good grades. <shrug>
> The point is that *something has to be kept secret* for encryption security to
> work. Theoretically best would be a passphrase, or a passphrase to a really
> big key. So, perhaps we could modify the algorithm from a few messages back,
> in order to address the (assumed) *practical* considerations of the OP's
> original query:
The actual database files should not be directly reachable, except by
the appropriate data base administrators, it should send and retrieve
information based on the users access rights via a server.
Is this a case where each account is encrypted with a different key in
addition to the access rights given to each user?
Cheers,
Ron
More information about the Python-list
mailing list