Pure Python Data Mangling or Encrypting

Jon Ribbens jon+usenet at unequivocal.co.uk
Sun Jun 28 09:41:59 EDT 2015


On 2015-06-27, Steven D'Aprano <steve at pearwood.info> wrote:
> Despite his initial claim that he doesn't want to use AES because it's too
> slow implemented as pure Python, Randall has said that the application will
> offer AES encryption as an option. (He says it is enabled by default,
> except that the user can turn it off.) So the code is already there, all he
> has to do is call it.

You're still not listening to what he's saying. Everything you have
said in the above paragraph is false. He said he is using AES
encryption in the client, but that the server does not have the
processing power to do so (nor does it need to). He has not said
that the user "can turn it off", he's just acknowledging the fact
that since the user controls their own computer, they can rewrite
the client code to do whatever they want, and there's nothing he
can do to stop them.

> The choice ought to be a no-brainer. The fact that folks are seriously
> considering using something barely one step up from a medieval substitution
> cipher in 2015 for something with real security consequences if it is
> broken goes to show what a lousy job the IT industry does for security.

The fact that you think that is happening when it isn't shows what
a lousy job you have been doing of following the thread.


