Python as network protocol
Steven D'Aprano
steve at REMOVE-THIS-cybersource.com.au
Tue Nov 10 14:08:35 EST 2009
On Tue, 10 Nov 2009 12:28:49 -0500, geremy condra wrote:
> Steven, remember a few weeks ago when you tried to explain to me that
> the person who was storing windows administrative passwords using a 40
> byte xor cipher with the hardcoded password might not be doing something
> stupid because I didn't know what their threat model was? Yeah- what you
> just said is what I was trying to explain then.
No, I'm sure that wasn't me... perhaps some other Steven D'Aprano... from
the Evil Dimension...
*wink*
Seriously, I'm not sure if I knew that the person was storing Windows
admin passwords at the time. If I had, I probably would have agreed with
you. But using a 40 byte xor cipher to obfuscate some strings in a game
is perfectly valid -- not every locked box needs to be a safe with 18
inch tempered steel walls.
I can only repeat what I said to Daniel: can you guarantee that the nice
safe, low-risk environment will never change? If not, then choose a more
realistic threat model, and build the walls of your locked box
accordingly.
--
Steven
More information about the Python-list
mailing list