Pure Python Data Mangling or Encrypting
Michael Torrie
torriem at gmail.com
Sat Jun 27 13:02:31 EDT 2015
On 06/26/2015 03:11 PM, Johannes Bauer wrote:
> You misunderstand. This is now how it works, this is not how any of this
> works. Steven does not *at all* have to prove to you your system is
> breakable or show actual attacks. YOU have to prove that your system is
> secure.
Ahh the holy grail of computer science. Now it's been a while since I
finished my CS degree, but I recall spending a lot of time in class
talking about the proving code correctness, which is a similar problem,
and learning that that was thought to be NP complete. Furthermore you
cannot prove a negative, which is what proving security is for anything
but the trivial case.
Are you saying this is untrue?
Obviously there are best practices, which you are an expert in. But how
does one prove a system is secure except by enumerating attack vectors
and addressing each one, preferably in the design phase?
More information about the Python-list
mailing list