[PYTHON-CRYPTO] AES in M2Crypto advice
Jason H. Smith
jason at OES.CO.TH
Mon Jun 2 19:13:17 CEST 2003
On Monday 02 June 2003 11:06 pm, Ng Pheng Siong wrote:
> Let's talk a little higher-level:
>
> Content security: encrypting your disk image so that its content is
> secure should the encrypted image fall into the wrong hands.
>
> Communication security, a la SSH or SSL: your content is secure while
> it is moving across the wire; at the end points the content is in the
> clear.
To clarify, I can explain the project. I recently posted to the Python
newsgroup, but I will briefly explain here, too.
Basically, I'm writing a Knoppix derivitive that uses zeroconf and SLP to
easily do a full backup or restore of e.g. your laptop's hard drive,
storing the image on a network file server. The server part can be
implemented farily easily by a Unix admin; but it works out of the box
with my company's upcoming file servers.
The problem is, the system administrator, or an intruder, should not have
access to, say, the CEO's laptop image; so there's the encryption
requirement. Also, I want this to be compatible with any SMB (mabye NFS)
file server, so encryption is done on the client machine before it hits
the wire. So, with that requirement, I get on-the-wire encryption for
free. And of course, the image sits on the server protected via AES and
an ostensibly strong passphrase.
(Although a TODO of mine is to use a random encryption key; and once the
backup is made, the file server burns a custom restore CD exactly like
the original except with the key hard-coded into the restore software.
This way, the security is not a matter of good or bad passphrases. Now,
it's a matter of keeping an important CDROM safe, which is much more
intuitive to your average employee.)
> What are you attempting to do? What are you protecting against? Must
> you write a new program to do the low-level crypto? Can you not compose
> existing tools to achieve your objectives?
What do you mean by low-level crypto? This is Python, after all! :p
Hopefully, though, I've clarified above.
Thanks for the implementation advice, as well. I'm relatively new to
Python and GUI programming. So I'm still boggling over the correct
approach.
Best.
--
GPG: 03EE 9EB8 E500 874A F509 7B95 9B9A 84A1 26E9 4F79
http://www.ece.utexas.edu/~jhs/public_key.gpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20030603/d441faef/attachment.pgp>
More information about the python-crypto
mailing list