lightweight encryption of text file

Dave Angel davea at ieee.org
Sat Jan 9 06:05:05 EST 2010 


Anthra Norell wrote:
> <div class="moz-text-flowed" style="font-family: -moz-fixed">Daniel 
> Fetchinson wrote:
> > I have a plain text file which I would like to protect in a very
> > simple minded, yet for my purposes sufficient, way. I'd like to
> > encrypt/convert it into a binary file in such a way that possession of
> > a password allows anyone to convert it back into the original text
> > file while not possessing the password one would only see the
> > following with the standard linux utility 'file':
> >
> > [fetchinson at fetch ~]$ file encrypted.data
> > encrypted.data: data
> >
> > and the effort required to convert the file back to the original text
> > file without the password would be equivalent to guessing the
> > password.
> >
> > I'm fully aware of the security implications of this loose
> > specification, but for my purposes this would be a good solution.
> >
> > What would be the simplest way to achieve this using preferably stock
> > python without 3rd party modules? If a not too complex 3rd part
> > module made it really simple that would be acceptable too.
>
>
>
>
> Daniel,
>
> Here's what looks like another thread veering off into package-ology, 
> leaving a stumped OP behind.
>
> "Don't use a random generator for encryption purposes!" warns the 
> manual, of which fact I was reminded in no uncertain terms on this 
> forum a few years ago when I proposed the following little routine in 
> response to a post very similar to yours. One critic challenged me to 
> encode my credit card data and post it. Which I did. Upon which 
> another critic conjured up the horror vision of gigahertzes hacking my 
> pathetic little effort to pieces as I was reading his message. Of the 
> well-meaning kind, he urged me to put an immediate stop to this 
> foolishness. I didn't.
>
> No unplanned expenditures ensued.
>
> Or to quote ... I forget who: Fools and innovators are people who 
> don't care much about what one is not supposed to do.
>
> So, take or leave what follows for what it is worth or not worth, I am 
> confident it works and would serve your purpose, which, as I 
> understand, is not to write a text book on cryptology.
>
> Regards
>
> Frederic
>
> <snip>
The problem I'd have with this approach (not studied in detail), is that 
there's no reason that next year's Python must use the same random 
number generator, or the same shuffle algorithm.  So in order to assure 
that "encrypted" archives will be recoverable, one should store with 
them the CPython implementation, in source form, just in case that's 
needed to reconstruct things.

DaveA

More information about the Python-list mailing list