Pure Python Data Mangling or Encrypting
Devin Jeanpierre
jeanpierreda at gmail.com
Thu Jun 25 06:18:26 EDT 2015
On Thu, Jun 25, 2015 at 2:57 AM, Chris Angelico <rosuav at gmail.com> wrote:
> On Thu, Jun 25, 2015 at 7:41 PM, Devin Jeanpierre
> <jeanpierreda at gmail.com> wrote:
>>> I know that the OP doesn't propose using ROT-13, but a classical
>>> substitution cipher isn't that much stronger.
>>
>> Yes, it is. It requires the attacker being able to see something about
>> the ciphertext, unlike ROT13. But it is reasonable to suppose that
>> maybe the attacker can trigger the file getting executed, at which
>> point maybe you can deduce from the behavior what the starting bytes
>> are...?
>>
>
> If a symmetric cipher is being used and the key is known, anyone can
> simply perform a decryption operation on the desired bytes, get back a
> pile of meaningless encrypted junk, and submit that. When it's
> encrypted with the same key, voila! The cleartext will reappear.
>
> Asymmetric ciphers are a bit different, though. AIUI you can't perform
> a decryption without the private key, whereas you can encrypt with
> only the public key. So you ought to be safe on that one; the only way
> someone could deliberately craft input that, when encrypted with your
> public key, produces a specific set of bytes, would be to brute-force
> it. (But I might be wrong on that. I'm no crypto expert.)
Yes, so it should be random.
-- Devin
More information about the Python-list
mailing list