Pure Python Data Mangling or Encrypting

Steven D'Aprano steve at pearwood.info
Sat Jun 27 21:18:17 EDT 2015


On Sun, 28 Jun 2015 06:30 am, Devin Jeanpierre wrote:

> On Fri, Jun 26, 2015 at 11:16 PM, Steven D'Aprano <steve at pearwood.info>
> wrote:
>> On Sat, 27 Jun 2015 02:05 pm, Devin Jeanpierre wrote:
>>
>>> On Fri, Jun 26, 2015 at 8:38 PM, Steven D'Aprano <steve at pearwood.info>
>>> wrote:
>>>> Now you say that the application encrypts the data, except that the
>>>> user can turn that option off.
>>>>
>>>> Just make the AES encryption mandatory, not optional. Then the user
>>>> cannot upload unencrypted malicious data, and the receiver cannot read
>>>> the data. That's two problems solved.
>>>
>>> No, because another application could pretend to be the file-sending
>>> application, but send unencrypted data instead of encrypted data.
>>
>> Did you stop reading my post when you got to that? Because I went on to
>> say:
> 
> At that point I quit in frustration, yeah.
> 
>> "Actually, the more I think about this, the more I come to think that the
>> only way this can be secure is for both the sending client application
>> and the receiving client application to both encrypt the data. The sender can't
>> trust the receiver not to read the files, so the sender has to encrypt;
>> the receiver can't trust the sender not to send malicious files, so the
>> receiver has to encrypt too."
> 
> When you realize you've said something completely wrong, you should
> edit your email.

If both the sender and receiver encrypt the data, how is it "completely
wrong" to say that encrypting data should be mandatory?




-- 
Steven



