Pure Python Data Mangling or Encrypting

Steven D'Aprano steve at pearwood.info
Tue Jun 30 14:59:43 EDT 2015


On Wed, 1 Jul 2015 03:39 am, Randall Smith wrote:

> On 06/29/2015 10:00 PM, Steven D'Aprano wrote:

>> I'm making an assumption here -- I assume that the sender records a
>> checksum for uploaded files so that when they get something back again
>> they can tell whether or not it is the same content they uploaded.
> 
> Yes.  The client software computes sha256 checksums.

Thanks for clarifying.


[...]
>> His comment was, "don't leak the key".
> 
> I'm pretty sure all encryption hinges on guarding the key.

That would be Kerckhoffs' Principle, also known as Shannon's Maxim.

I don't think there has been much research into keeping at least *some*
security even when keys have been compromised, apart from as it relates to
two-factor authentication. (Assume that other people know the password to
your bank account. They can read your balance, but they can't steal your
money unless they first steal your phone or RSA token.)

In the past, and still today among people who don't understand Kerckhoffs'
principle, people have tried to keep the cipher secret and not have a key
at all. E.g. Atbash, or the Caesar cipher, which once upon a time were cutting
edge ciphers, as laughably insecure as they are today. If the method was
compromised, all was lost.

Today, if the key is compromised, all is lost. Is it possible that there are
ciphers that are resistant to discovery of the key? Obviously if you know
the key you can read encrypted messages, that's what the key is for, but
there are scenarios where you would want security to degrade gracefully
instead of in a brittle all-or-nothing manner:

- even if the attacker can read my messages, he cannot tamper with 
  them or write new ones as me.

(I'm pretty sure that, for example, the military would consider it horrible
if the enemy could listen in on their communications, but *even worse* if
the enemy could send false orders that appear to be legitimate.)

Sixty years ago, the idea of having a separate encryption key that you keep
secret and a decryption key that you can give out to everyone (public key
encryption) probably would have seemed ridiculous too.



-- 
Steven
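The "degrade gracefully" scenario described in the message above (an attacker who has obtained the encryption key can read traffic but still cannot tamper with it or forge new messages) is exactly what you get when confidentiality and integrity use independent keys. The following is an added worked example by the editor, not code from the original post or thread. It uses only the Python standard library; the stream cipher (HMAC-SHA256 in counter mode as a keystream generator), the function names and the sample message are all assumptions made for illustration, and a real system should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 instead of this toy cipher.

```python
"""Graceful degradation under key compromise: independent keys for
confidentiality (enc_key) and integrity (mac_key), encrypt-then-MAC.

Added example, not from the original post. The keystream construction
below is a toy for demonstration, not a reviewed cipher."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter mode over a PRF: block_i = HMAC-SHA256(enc_key, nonce || i)
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, plaintext: bytes,
                     nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_and_verify(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Check the tag first (constant-time), only then decrypt. Raises ValueError on tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def eavesdrop(enc_key: bytes, blob: bytes) -> bytes:
    """What an attacker holding only enc_key can do: read the message (no tag needed)."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def forge(enc_key: bytes, blob: bytes, new_plaintext: bytes) -> bytes:
    """Attacker holding only enc_key: re-encrypt a chosen message under the same
    nonce and reuse the captured tag, the best available without mac_key."""
    nonce, tag = blob[:NONCE_LEN], blob[-TAG_LEN:]
    new_ct = _xor(new_plaintext, _keystream(enc_key, nonce, len(new_plaintext)))
    return nonce + new_ct + tag


def demo() -> Dict[str, object]:
    msg, bogus = b"ATTACK AT DAWN", b"RETREAT NOW!!!"  # constructed sample messages

    # Two independent keys: compromise of enc_key alone loses confidentiality only.
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    blob = encrypt_then_mac(enc_key, mac_key, msg)
    legit = decrypt_and_verify(enc_key, mac_key, blob)
    leaked = eavesdrop(enc_key, blob)             # attacker can read ...
    try:
        decrypt_and_verify(enc_key, mac_key, forge(enc_key, blob, bogus))
        forgery_rejected = False
    except ValueError:
        forgery_rejected = True                    # ... but cannot forge.

    # Brittle alternative: one key for both purposes. Losing it loses everything.
    single = os.urandom(32)
    forged2 = encrypt_then_mac(single, single, bogus)  # attacker can make a valid tag
    single_key_forgery_accepted = decrypt_and_verify(single, single, forged2) == bogus

    return {"legit": legit, "leaked": leaked, "forgery_rejected": forgery_rejected,
            "single_key_forgery_accepted": single_key_forgery_accepted}


if __name__ == "__main__":
    print(demo())
```

The split-key design is the standard way to get the property the message asks for; the same idea applies between parties when the "integrity key" is a signing key that the sender never shares, so that even a receiver who can decrypt cannot issue orders in the sender's name.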




More information about the Python-list mailing list