Can anyone suggest a good crypto package?
Paul Rubin
http
Thu Sep 4 21:04:44 EDT 2008
Fett <FettManChu at gmail.com> writes:
> Wow, I have no idea how that works, but I think it will do nicely. The
> main goal is simply to ensure that data coming in (from a website), is
> valid (ie. posted by me).
If you just want to authenticate the strings without confidentiality,
use the built-in HMAC module. But beware of replay attacks.
> Thank you, I think we have a winner. (BTW, I have no idea how this
> whole encrypting gives many strings, decrypting all gives the correct
> one works,
The plaintext gets a random string attached at encryption time, and
the random string gets removed at decryption. Of course there are
many possible random strings, so many possible ciphertexts for each
plaintext. That means the ciphertext is a necessarily somewhat longer
than the plaintext, so you have to be willing to deal with that.
Note there's possibly a lot of other subtle issues you have to be
careful of, like if you're authenticating a series of messages, how do
you detect if one has been repeated or dropped from the middle?
Until you've got all that figured out, you are leaving attacks possible.
More information about the Python-list
mailing list