Pure Python Data Mangling or Encrypting
Johannes Bauer
dfnsonfsduifb at gmx.de
Sat Jun 27 05:07:14 EDT 2015
On 27.06.2015 10:53, Chris Angelico wrote:
> On Sat, Jun 27, 2015 at 6:38 PM, Steven D'Aprano <steve at pearwood.info> wrote:
>> I'm not a security expert. I'm not even a talented amateur. *Every time* I
>> suggest that "X is secure", the security guy at work shoots me down in
>> flames. But nicely, because I pay his wages <wink>
>
> Just out of interest, is _anybody_ active in this thread an expert on
> security?
Yes. I've done a good 10 years of work in the field doing security
(mostly applied cryptography on embedded systems with a focus on side
channels like DPA, but also security concepts and threat/risk analysis)
and spent the last 3-4 years working on my PhD in the field of IT
security. My thesis is almost(tm) finished. I would claim to be an
expert, yes.
> I certainly am not, which means that the proposal I'm
> currently putting together probably has a whole bunch of
> vulnerabilities that I haven't thought of. (Though there's no emphasis
> on encryption anywhere, just signing. I'm *hoping* that RSA public key
> verification is sufficient, but if it isn't, it would be possible for
> a malicious user to make a serious mess of stuff.) But I'm under no
> delusions. I don't say "this is secure" - all I'm saying is "this
> works in proof-of-concept".
I must admit that I haven't seen your ideas in this thread?
Best regards,
Johannes
--
>> Wo hattest Du das Beben nochmal GENAU vorhergesagt?
> Zumindest nicht öffentlich!
Ah, der neueste und bis heute genialste Streich unsere großen
Kosmologen: Die Geheim-Vorhersage.
- Karl Kaos über Rüdiger Thomas in dsa <hidbv3$om2$1 at speranza.aioe.org>
More information about the Python-list
mailing list