Pure Python Data Mangling or Encrypting

Steven D'Aprano steve at pearwood.info
Wed Jun 24 07:36:41 EDT 2015


On Wed, 24 Jun 2015 05:02 am, Randall Smith wrote:

> Chunks of data (about 2MB) are to be stored on machines using a
> peer-to-peer protocol.  The recipient of these chunks can't assume that
> the payload is benign.  While the data senders are supposed to encrypt
> data, that's not guaranteed, and I'd like to protect the recipient
> against exposure to nefarious data by mangling or encrypting the data
> before it is written to disk.

I don't understand how mangling the data is supposed to protect the
recipient. Don't they have the ability to unmangle the data, and thus expose
themselves to whatever nasties are in the files?

If not, you can save all that time and effort implementing the peer-to-peer
business and just dump 2MB chunks of random data on their disks.


> My original idea was for the recipient to encrypt using AES.  But I want
> to keep this software pure Python "batteries included" and not require
> installation of other platform-dependent software.  Pure Python AES and
> even DES are just way too slow.  I don't know that I really need
> encryption here, but some type of fast mangling algorithm where a bad
> actor sending a payload can't guess the output ahead of time.

Again, I don't understand your threat model here. Why does the bad actor
need to guess the mangling? Putting on my Black Hat and twirling my
moustache wickedly, I decide to send you a JPG of Goatse. (Don't google
it.) Or, a more serious threat, a zip bomb:

http://www.ghacks.net/2008/07/27/42-kilobytes-unzipped-make-45-petabytes/

or malware of some description. So I P2P you the file. How it gets encrypted
on your disk is irrelevant to me, eventually you're going to unencrypt it
and try to access it.

We need to understand what threat you are defending against before we can
advise you.



-- 
Steven
