Python as network protocol

geremy condra debatem1 at gmail.com
Tue Nov 10 18:48:55 EST 2009


On Tue, Nov 10, 2009 at 2:08 PM, Steven D'Aprano
<steve at remove-this-cybersource.com.au> wrote:
> On Tue, 10 Nov 2009 12:28:49 -0500, geremy condra wrote:
>
>> Steven, remember a few weeks ago when you tried to explain to me that
>> the person who was storing windows administrative passwords using a 40
>> byte xor cipher with the hardcoded password might not be doing something
>> stupid because I didn't know what their threat model was? Yeah- what you
>> just said is what I was trying to explain then.
>
> No, I'm sure that wasn't me... perhaps some other Steven D'Aprano... from
> the Evil Dimension...
>
> *wink*

I think I saw a mustache on him. Probably evil.

> Seriously, I'm not sure if I knew that the person was storing Windows
> admin passwords at the time. If I had, I probably would have agreed with
> you. But using a 40 byte xor cipher to obfuscate some strings in a game
> is perfectly valid -- not every locked box needs to be a safe with 18
> inch tempered steel walls.

Granted, and I am going to be able to give a very nice talk on how not
to do cryptography partially as a result of that particularly egregious bit of
silliness, so I guess I can't complain too much.

> I can only repeat what I said to Daniel: can you guarantee that the nice
> safe, low-risk environment will never change? If not, then choose a more
> realistic threat model, and build the walls of your locked box
> accordingly.

Or, plan on becoming part of one of my presentations in a few years.
Either way works for me.

Geremy Condra


