lightweight encryption of text file
Paul Rubin
no.email at nospam.invalid
Sun Jan 10 11:54:51 EST 2010
Nobody <nobody at nowhere.com> writes:
> RC4 (aka ArcFour) is quite trivial to implement, and better than inventing
> your own cipher or using a Vignere: ...
That's a cute implementation, but it has no authentication and doesn't
include any randomness, which means if you use the same key for two
inputs, there is a security failure (xor'ing the two ciphertexts reveals
the xor of the plaintexts). It also looks rather slow. I don't make
any guarantees about p3.py, but it has been reviewed by several experts
and appears to be reasonably sound for the type of casual use being
discussed here, and it is tuned for speed (given the implementation
constraints). For more demanding purposes, you should use a more
serious library like one of the OpenSSL wrappers.
More information about the Python-list
mailing list