Pure Python Data Mangling or Encrypting

Johannes Bauer dfnsonfsduifb at gmx.de
Fri Jun 26 18:42:52 EDT 2015 

On 26.06.2015 23:29, Jon Ribbens wrote:

>> While you seem to think that Steven is rampaging about nothing, he does
>> have a fair point: You consistently were vague about wheter you want to
>> have encryption, authentication or obfuscation of data. This suggests
>> that you may not be so sure yourself what it is you actually want.
> 
> He hasn't been vague, you and Steven just haven't been paying
> attention.

Bullshit. Even the topic indicates that he doesn't know what he wants:
"data mangling" or "encryption", which one is it?

>> You always play around with the 256! which would be a ridiculously high
>> security margin (1684 bits of security, woooo!). You totally ignore that
>> the system can be broken in a linear fashion.
> 
> No, it can't, because the attacker does not have access to the
> ciphertext.

Or so you claim.

I could go into detail about how the assumtion that the ciphertext is
secret is not a smart one in the context of cryptography. And how side
channels and other leakage may affect overall system security. But I'm
going to save my time on that. I do get paid to review cryptographic
systems and part of the job is dealing with belligerent people who have
read Schneier's blog and think they can outsmart anyone else. Since I
don't get paid to convice you, it's absolutely fine that you think your
substitution scheme is the grand prize.

>> Nobody assumes you're a moron. But it's safe to assume that you're a
>> crypto layman, because only laymen have no clue on how difficult it is
>> to get cryptography even remotely right.
> 
> Amateur crypto is indeed a bad idea. But what you're still not getting
> is that what he's doing here *isn't crypto*. 

So the topic says "Encrypting". If you look really closely at the word,
the part "crypt" might give away to you that cryptography is involved.

> He's just trying to avoid
> letting third parties write completely arbitrary data to the disk.

There's your requirement. Then there's obviously some kind of
implication when a third party *can* write arbitrary data to disk. And
your other solution to that problem...

> You
> know what would be a perfectly good solution to his problem? Base 64
> encoding. That would solve the issue pretty much completely, the only
> reason it's not an ideal solution is that it of course increases the
> size of the data.

...wow.

That's a nice interpretation of not letting a third party write
completely arbitrary data. According to your definition, this would be:
It's okay if the attacker can control 6 of 8 bits.

>> That people in 2015 actually defend inventing a substitution-cipher
>> "crypto"system sends literally shivers down my spine.
> 
> Nobody is defending such a thing, you just haven't understood what
> problem is being solved here.

Oh I understand your "solutions" plenty well. The only thing I don't
understand is why you don't own a Fields medal yet for your
groundbreaking work on bulletproof obfuscation.

Cheers,
Johannes

-- 
>> Wo hattest Du das Beben nochmal GENAU vorhergesagt?
> Zumindest nicht öffentlich!
Ah, der neueste und bis heute genialste Streich unsere großen
Kosmologen: Die Geheim-Vorhersage.
 - Karl Kaos über Rüdiger Thomas in dsa <hidbv3$om2$1 at speranza.aioe.org>

More information about the Python-list mailing list