encryption with python

Ron Adam rrr at ronadam.com
Sat Sep 10 20:51:25 EDT 2005 

James Stroud wrote:
> On Saturday 10 September 2005 15:02, Ron Adam wrote:
> 
>>Kirk Job Sluder wrote:
>>I would think that any n digit random number not already in the data
>>base would work for an id along with a randomly generated password that
>>the student can change if they want.  The service provider has full
>>access to the data with their own set of id's and passwords, so in the
>>case of a lost id, they can just look it up using the customers name
>>and/or ssn, or whatever they decide is appropriate. In the case of a
>>lost password, they can reset it and get another randomly generated
>>password.
>>
>>Or am I missing something?
> 
> 
> Yes and no. Yes, you are theoretically correct. No, I don't think you have the 
> OP's original needs in mind (though I am mostly guessing here).  The OP was 
> obviously a TA who needed to assign students a number so that they could 
> "anonymously" check their publicly posted grades and also so that he could do 
> some internal record keeping. 
 >
> But, I'm thinking no one remembers college here anymore. 

Last semester I took, I was able to check my grades by logging into a 
web page with my student ID and using a password.  The password default 
was my SSN, we could change it. In any case students have read only 
access and are not able to change anything.  Not a big deal and very 
little personal information was visible.  If any one would have bothered 
to look they would have simply found out I had very good grades.  <shrug>


> The point is that *something has to be kept secret* for encryption security to 
> work. Theoretically best would be a passphrase, or a passphrase to a really 
> big key. So, perhaps we could modify the algorithm from a few messages back, 
> in order to address the (assumed) *practical* considerations of the OP's 
> original query:

The actual database files should not be directly reachable, except by 
the appropriate data base administrators, it should send and retrieve 
information based on the users access rights via a server.

Is this a case where each account is encrypted with a different key in 
addition to the access rights given to each user?

Cheers,
Ron

More information about the Python-list mailing list