Using Rotor with password file
colin at meeks.ca
Sun Feb 2 03:41:14 CET 2003
Paul Rubin <phr-n2003b at NOSPAMnightsong.com> wrote in
news:7x7kcjq05w.fsf at ruckus.brouhaha.com:
> "James Kew" <james.kew at btinternet.com> writes:
>> > Don't use the rotor module, it is insecure.
>> This is the second time I've seen this comment recently.
>> If it's insecure, why is it in the standard library? Should it be
>> removed (as rexec and bastion will be)? Or at least deprecated (and
>> subject to a DeprecationWarning)?
> I hadn't heard rexec and bastion will be removed. In my opinion,
> rotor should be deprecated, but I don't get to decide things like
> Here's a module you can use instead of rotor, based on the built-in
> SHA module:
> Its security should be ok. You'll have to edit out the date check.
> I'll get around to putting up a renamed version with the date check
> removed, but this whole approach is kind of a stopgap--I hope that
> Python's standard library will get some real cryptography soon.
> Apparently one obstacle in the past has been US export restrictions on
> crypto code, but those restrictions have eased up in recent years.
I've tried p2.py also, but get the same problem. Here's an example of
what I'm getting
>>> print y # where y is a line read from the users.cfg file
>>> print y # where y is the actual encoded password
Sorry for the formatting
if I try to p2.p2_decrypt(y, mykey) I get the following
Traceback (most recent call last):
File "<interactive input>", line 1, in ?
File "p2.py", line 110, in p2_decrypt
raise CryptError, "invalid key or ciphertext"
CryptError: invalid key or ciphertext
If I copy the password from the users,cfg file using a text editor in
place of y it works. It looks like a problem with the decoding of a
string with "\" characters in it
Any further ideas
More information about the Python-list