Pure Python Data Mangling or Encrypting
Chris Angelico
rosuav at gmail.com
Thu Jun 25 05:57:20 EDT 2015
On Thu, Jun 25, 2015 at 7:41 PM, Devin Jeanpierre
<jeanpierreda at gmail.com> wrote:
>> I know that the OP doesn't propose using ROT-13, but a classical
>> substitution cipher isn't that much stronger.
>
> Yes, it is. It requires the attacker being able to see something about
> the ciphertext, unlike ROT13. But it is reasonable to suppose that
> maybe the attacker can trigger the file getting executed, at which
> point maybe you can deduce from the behavior what the starting bytes
> are...?
>
If a symmetric cipher is being used and the key is known, anyone can
simply perform a decryption operation on the desired bytes, get back a
pile of meaningless encrypted junk, and submit that. When it's
encrypted with the same key, voila! The cleartext will reappear.
Asymmetric ciphers are a bit different, though. AIUI you can't perform
a decryption without the private key, whereas you can encrypt with
only the public key. So you ought to be safe on that one; the only way
someone could deliberately craft input that, when encrypted with your
public key, produces a specific set of bytes, would be to brute-force
it. (But I might be wrong on that. I'm no crypto expert.)
ChrisA
More information about the Python-list
mailing list