[PYTHON-CRYPTO] AES in M2Crypto advice

Jason H. Smith jason at OES.CO.TH
Mon Jun 2 19:13:17 CEST 2003 

On Monday 02 June 2003 11:06 pm, Ng Pheng Siong wrote:
> Let's talk a little higher-level:
>
> Content security: encrypting your disk image so that its content is
> secure should the encrypted image fall into the wrong hands.
>
> Communication security, a la SSH or SSL: your content is secure while
> it is moving across the wire; at the end points the content is in the
> clear.

To clarify, I can explain the project.  I recently posted to the Python 
newsgroup, but I will briefly explain here, too.

Basically, I'm writing a Knoppix derivitive that uses zeroconf and SLP to 
easily do a full backup or restore of e.g. your laptop's hard drive, 
storing the image on a network file server.  The server part can be 
implemented farily easily by a Unix admin; but it works out of the box 
with my company's upcoming file servers.

The problem is, the system administrator, or an intruder, should not have 
access to, say, the CEO's laptop image; so there's the encryption 
requirement.  Also, I want this to be compatible with any SMB (mabye NFS) 
file server, so encryption is done on the client machine before it hits 
the wire.  So, with that requirement, I get on-the-wire encryption for 
free.  And of course, the image sits on the server protected via AES and 
an ostensibly strong passphrase.

(Although a TODO of mine is to use a random encryption key; and once the 
backup is made, the file server burns a custom restore CD exactly like 
the original except with the key hard-coded into the restore software.  
This way, the security is not a matter of good or bad passphrases.  Now, 
it's a matter of keeping an important CDROM safe, which is much more 
intuitive to your average employee.)

> What are you attempting to do? What are you protecting against? Must
> you write a new program to do the low-level crypto? Can you not compose
> existing tools to achieve your objectives?

What do you mean by low-level crypto?  This is Python, after all! :p  
Hopefully, though, I've clarified above.

Thanks for the implementation advice, as well.  I'm relatively new to 
Python and GUI programming.  So I'm still boggling over the correct 
approach.

Best.

-- 
GPG: 03EE 9EB8 E500 874A F509  7B95 9B9A 84A1 26E9 4F79
http://www.ece.utexas.edu/~jhs/public_key.gpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20030603/d441faef/attachment.pgp>

More information about the python-crypto mailing list