Pure Python Data Mangling or Encrypting

Tue Jun 30 14:33:56 EDT 2015

On Wed, Jul 1, 2015 at 4:17 AM, Steven D'Aprano <steve at pearwood.info> wrote:
> If you can trick me into turning encryption off (say, you use a social
> engineering attack on me and convince me to delete "the virus crypto.py"),
> then I might inadvertently upload unencrypted data to you. Or maybe you
> find an attack on the application that can fool it into dropping down to
> unencrypted mode. If there's no unencrypted mode in the first place, that's
> much harder.
>
> Earlier, Chris suggested that the application might choose to import the
> crypto module, and if it's not available, just keep working without
> encryption. This hypothetical attack demonstrates that this would be a
> mistake. It's hard for an attacker to convince a naive user to open up the
> application source code and edit the code. It's easier to convince them to
> delete a file.

And I'm sure Steven knows about this, but if anyone else isn't
convinced that this is a serious vulnerability, look into various
forms of downgrade attack, such as the recent POODLE. Security doesn't
exist if an attacker can convince your program to turn it off without
your knowledge.

>>> - since you are using CRC, it is quite easy for me to ensure the
>>>   checksums match after inserting malware;
>>
>> No, you have yet *again* misunderstood the difference between the
>> client and the server.
>
> This was described as a peer-to-peer application. You even stated that it
> was a "pretty obvious" use-case, a "peer-to-peer dropbox". So is it
> peer-to-peer or client-server?

I've never managed to get any sort of grasp of what this application
actually *is*, but "peer-to-peer Dropbox" is certainly something that
it *might be*. It could be simultaneously peer-to-peer from the
human's point of view, and client-server from the application's -
imagine BitTorrent protocol, but where one end connects to a socket
that the other's listening on, and the active socket always pushes
data to the passive socket. (With BitTorrent, it's truly symmetrical -
doesn't matter who listens and who connects. But imagine if it weren't
that way.) From the software's point of view, it has two distinct
modes: server, in which it listens on a socket and receives data, and
client, in which it connects to other people's sockets and sends data.
As such, the "server" mode is the only one that receives untrusted
data from another user and stores it on the hard disk.

But this is just one theory of what the program *might* be, based on
what I've gathered in this thread. Or rather, it's a vague theory of
something that's mostly plausible, without necessarily even being
useful.

ChrisA