Pure Python Data Mangling or Encrypting
Steven D'Aprano
steve at pearwood.info
Sat Jun 27 02:16:38 EDT 2015
On Sat, 27 Jun 2015 02:05 pm, Devin Jeanpierre wrote:
> On Fri, Jun 26, 2015 at 8:38 PM, Steven D'Aprano <steve at pearwood.info>
> wrote:
>> Now you say that the application encrypts the data, except that the user
>> can turn that option off.
>>
>> Just make the AES encryption mandatory, not optional. Then the user
>> cannot upload unencrypted malicious data, and the receiver cannot read
>> the data. That's two problems solved.
>
> No, because another application could pretend to be the file-sending
> application, but send unencrypted data instead of encrypted data.
Did you stop reading my post when you got to that? Because I went on to say:
"Actually, the more I think about this, the more I come to think that the
only way this can be secure is for both the sending client application and
the receiving client appl to both encrypt the data. The sender can't
trust the receiver not to read the files, so the sender has to encrypt; the
receiver can't trust the sender not to send malicious files, so the
receiver has to encrypt too."
--
Steven
More information about the Python-list
mailing list