Hiding code from intruders, a different slant on an old question

cl at isbd.net cl at isbd.net
Thu Oct 8 06:28:19 EDT 2015


Dennis Lee Bieber <wlfraed at ix.netcom.com> wrote:
> On Wed, 7 Oct 2015 13:05:07 +0000 (UTC), alister
> <alister.nospam.ware at ntlworld.com> declaimed the following:
> 
> 
> >With a simple Caesar the method is "shift the alphabet by 'X' characters 
> >and X is the key
> >
> >if the key is unknown then the attacker still has to brute force the 
> >method (admittedly with only 25 options this is not difficult)
> 
>         But who'd consider that with just one-case and alphabet only...
> 
>         At the least include upper, lower, numbers, and basic punctuation --
> that will add a few more cycles of computation time to break <G>
> 
> 
>         But the other point, yes... The most used encryption systems have
> publicly known/reviewed algorithms and rely on the secrecy of the key(s).

Which makes a nonsense of using a super-secure algorithm in many cases.

If you are doing in-place symmetric file encryption then it's the
security of the key hashing algorithm that matters much more than the
actual encryption used on the file.

Using ccrypt, enc, etc. for file encryption means the password that
encodes the encryption key is saved with the file so brute-force
attacks to get the key are quite straightforward.

-- 
Chris Green
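
The key-space point from the quoted exchange, as an added example that is not part of the original thread: widening a shift cipher from 26 letters to all 95 printable ASCII characters only raises the number of keys to try from 26 to 95. The sample message, the keys, and the word-count scoring are constructed for illustration.

```python
import string

# Constructed alphabet: the 95 printable ASCII characters (space through ~),
# i.e. upper, lower, digits and punctuation as suggested in the thread.
ALPHABET = "".join(chr(c) for c in range(32, 127))
COMMON = {"the", "and", "that", "with", "this", "for", "key", "not", "are", "is", "of", "to"}


def shift(text, key, alphabet=ALPHABET):
    """Shift every character found in `alphabet` by `key` positions (mod len)."""
    n = len(alphabet)
    index = {ch: i for i, ch in enumerate(alphabet)}
    return "".join(alphabet[(index[ch] + key) % n] if ch in index else ch for ch in text)


def score(candidate):
    """Crude English score: count of common words among whitespace-split tokens."""
    words = candidate.lower().split()
    return sum(1 for w in words if w.strip(string.punctuation) in COMMON)


def recover_key(ciphertext, alphabet=ALPHABET):
    """Try every possible shift; return (key, plaintext, number_of_trials)."""
    best = max(range(len(alphabet)), key=lambda k: score(shift(ciphertext, -k, alphabet)))
    return best, shift(ciphertext, -best, alphabet), len(alphabet)


if __name__ == "__main__":
    # Constructed sample message and key.
    secret = "The strength of this scheme is the key, and that key is not large."
    ct = shift(secret, 61)
    key, pt, trials = recover_key(ct)
    print(f"alphabet size {len(ALPHABET)}: key {key} found in {trials} trials -> {pt!r}")
    # Same exercise with the classic 26-letter lower-case alphabet.
    ct26 = shift(secret.lower(), 7, string.ascii_lowercase)
    print(recover_key(ct26, string.ascii_lowercase))
```

The work grows linearly with the alphabet size, which is why the strength of a scheme has to come from a large key space rather than from the choice of character set.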