Pure Python Data Mangling or Encrypting

[Jon Ribbens]

On 2015-06-30, Steven D'Aprano <steve at pearwood.info> wrote:
> I don't think there has been much research into keeping at least *some*
> security even when keys have been compromised, apart from as it relates to
> two-factor authentication.

That's because "the key" is all the secret part. If an attacker knows
the algorithm, and the key, and the ciphertext, then *by definition*
all is lost. If you mean keeping the algorithm secret too then that's
just considered bad crypto.

> In the past, and still today among people who don't understand Kerckhoffs'
> principle, people have tried to keep the cipher secret and not have a key
> at all. E.g. atbash, or caesar cipher, which once upon a time were cutting
> edge ciphers, as laughably insecure as they are today. If the method was
> compromised, all was lost. 

Caesar cipher has a key. It's just very small, so is easy to guess.

> Today, if the key is compromised, all is lost. Is it possible that there are
> ciphers that are resistant to discovery of the key? Obviously if you know
> the key you can read encrypted messages, that's what the key is for, but
> there are scenarios where you would want security to degrade gracefully
> instead of in a brittle all-or-nothing manner:
>
> - even if the attacker can read my messages, he cannot tamper with 
>   them or write new ones as me.

I suppose that could be achieved by having separate encryption and
signing keys, but you could do the same but better by encrypting
with multiple algorithms. It's not an unstudied area:
https://en.wikipedia.org/wiki/Multiple_encryption