Authenticated encryption with PyCrypto
geremy condra
debatem1 at gmail.com
Tue Jan 26 21:43:17 EST 2010
On Tue, Jan 26, 2010 at 7:23 PM, Daniel <millerdev at gmail.com> wrote:
<snip>
> I understand the risks of unpickle. With strong, authenticated
> encryption I think it is reasonably safe to send an encrypted pickle
> through an untrusted medium (the Internet) and know that it has not
> been modified enroute. That is, unless someone has obtained the key,
> in which case I have a bigger problem to worry about.
>
Not to sound pedantic, but the fact that somebody is executing
exactly the malware they sent you is kind of cold comfort.
Might I suggest that a warning to that effect would be prudent?
Geremy Condra
More information about the Python-list
mailing list