Peer review: Python encyphering script

A. Jones netzapper at
Thu Feb 28 07:30:15 CET 2002

On Thu, 28 Feb 2002 04:46:31 GMT, QnickQm at (Nick
Mathewson) wrote:

>First of all, this cipher is a bit suspicious.  It has the undesirable
>property that the frequency counts of the characters in the ciphertext
>are the same as in the plaintext.  That is to say, if I know you're
>sending either "attack at dawn" or "run for your lives", it's easy for
>me to tell which one you sent.

Yeah.  I've designed dozens of ciphers before, all of which fail
horribly the second I think about frequency analysis.  On the other
hand, I've never tried actual encryption... I don't quite grok modular
mathematics yet enough to do anything but monkey-see-monkey-do copies
of other opensource ciphers.

>Secondly, this cipher doesn't buy you a lot: The key is as long as the
>plaintext.  If you have a secure place to store the key, you would
>presumably use that place to store the plaintext as well.

This is one of the things I noticed as I played with it (not that I
didn't know it before I started, but it seemed to matter less at the

>Third, the scrambling step is more crucial than you think.  Without
>scrambling, if I see the key-portion of a message, I'll have a pretty
>good idea which parts of the message go where: indices for low letters
>earlier than indices for high ones.  But with scrambling, the quality
>of your cipher is limited by the power of your random number

I figured as much.  But, I don't know enough Python yet to want to
play with the offsets randomly, ya' know?

>For a deeper introduction to cryptography, you may want to get a copy
>of Schneier's _Applied Cryptography_, or read the FAQs from sci.crypt.


>Well, I hope this that didn't dampen your entusiasm for Python!
>You're off to a good start (esp. for two days!), and I hope we'll hear
>more of you in the future!

Good Lord, no, it didn't dampen my enthusiasm.  Hell, it only
heightens it knowing that there're people in this community who're
willing to take a look at a total newbie's code and then spend the
time not only commenting but actually *re-writing* it.  Thank you.

Aubrey Jones

More information about the Python-list mailing list