Pure Python Data Mangling or Encrypting

Fri Jun 26 19:26:33 EDT 2015

Johannes, I agree with a lot of what you say, but can you please have
less of a mean attitude?

-- Devin

On Fri, Jun 26, 2015 at 3:42 PM, Johannes Bauer <dfnsonfsduifb at gmx.de> wrote:
> On 26.06.2015 23:29, Jon Ribbens wrote:
>
>>> While you seem to think that Steven is rampaging about nothing, he does
>>> have a fair point: You consistently were vague about wheter you want to
>>> have encryption, authentication or obfuscation of data. This suggests
>>> that you may not be so sure yourself what it is you actually want.
>>
>> He hasn't been vague, you and Steven just haven't been paying
>> attention.
>
> Bullshit. Even the topic indicates that he doesn't know what he wants:
> "data mangling" or "encryption", which one is it?
>
>>> You always play around with the 256! which would be a ridiculously high
>>> security margin (1684 bits of security, woooo!). You totally ignore that
>>> the system can be broken in a linear fashion.
>>
>> No, it can't, because the attacker does not have access to the
>> ciphertext.
>
> Or so you claim.
>
> I could go into detail about how the assumtion that the ciphertext is
> secret is not a smart one in the context of cryptography. And how side
> channels and other leakage may affect overall system security. But I'm
> going to save my time on that. I do get paid to review cryptographic
> systems and part of the job is dealing with belligerent people who have
> read Schneier's blog and think they can outsmart anyone else. Since I
> don't get paid to convice you, it's absolutely fine that you think your
> substitution scheme is the grand prize.
>
>>> Nobody assumes you're a moron. But it's safe to assume that you're a
>>> crypto layman, because only laymen have no clue on how difficult it is
>>> to get cryptography even remotely right.
>>
>> Amateur crypto is indeed a bad idea. But what you're still not getting
>> is that what he's doing here *isn't crypto*.
>
> So the topic says "Encrypting". If you look really closely at the word,
> the part "crypt" might give away to you that cryptography is involved.
>
>> He's just trying to avoid
>> letting third parties write completely arbitrary data to the disk.
>
> There's your requirement. Then there's obviously some kind of
> implication when a third party *can* write arbitrary data to disk. And
> your other solution to that problem...
>
>> You
>> know what would be a perfectly good solution to his problem? Base 64
>> encoding. That would solve the issue pretty much completely, the only
>> reason it's not an ideal solution is that it of course increases the
>> size of the data.
>
> ...wow.
>
> That's a nice interpretation of not letting a third party write
> completely arbitrary data. According to your definition, this would be:
> It's okay if the attacker can control 6 of 8 bits.
>
>>> That people in 2015 actually defend inventing a substitution-cipher
>>> "crypto"system sends literally shivers down my spine.
>>
>> Nobody is defending such a thing, you just haven't understood what
>> problem is being solved here.
>
> Oh I understand your "solutions" plenty well. The only thing I don't
> understand is why you don't own a Fields medal yet for your
> groundbreaking work on bulletproof obfuscation.
>
> Cheers,
> Johannes
>
> --
>>> Wo hattest Du das Beben nochmal GENAU vorhergesagt?
>> Zumindest nicht öffentlich!
> Ah, der neueste und bis heute genialste Streich unsere großen
> Kosmologen: Die Geheim-Vorhersage.
>  - Karl Kaos über Rüdiger Thomas in dsa <hidbv3$om2$1 at speranza.aioe.org>
> --
> https://mail.python.org/mailman/listinfo/python-list