Using Rotor with password file

Colin Meeks colin at
Sun Feb 2 03:41:14 CET 2003

Paul Rubin <phr-n2003b at> wrote in
news:7x7kcjq05w.fsf at 

> "James Kew" <james.kew at> writes:
>> > Don't use the rotor module, it is insecure.
>> This is the second time I've seen this comment recently.
>> If it's insecure, why is it in the standard library? Should it be
>> removed (as rexec and bastion will be)? Or at least deprecated (and
>> subject to a DeprecationWarning)?
> I hadn't heard rexec and bastion will be removed.  In my opinion,
> rotor should be deprecated, but I don't get to decide things like
> that.
> Here's a module you can use instead of rotor, based on the built-in
> SHA module:
> Its security should be ok.  You'll have to edit out the date check.
> I'll get around to putting up a renamed version with the date check
> removed, but this whole approach is kind of a stopgap--I hope that
> Python's standard library will get some real cryptography soon.
> Apparently one obstacle in the past has been US export restrictions on
> crypto code, but those restrictions have eased up in recent years.

I've tried also, but get the same problem.  Here's an example of 
what I'm getting

>>> print y # where y is a line read from the users.cfg file
['colboy', '\\xcc\\x0f\\xb0t\\xac"\\x87o\\xc8F;\\x90\\xfb\\xbf\\x7f
\\xdf"v\\xe6\\x00\\x16\\xc50%\\x11\\xe9Zc[\\xae_', '1\n']

>>> print y[1] # where y[1] is the actual encoded password

Sorry for the formatting

if I try to p2.p2_decrypt(y[1], mykey) I get the following

Traceback (most recent call last):
  File "<interactive input>", line 1, in ?
  File "", line 110, in p2_decrypt
    raise CryptError, "invalid key or ciphertext"
CryptError: invalid key or ciphertext

If I copy the password from the users,cfg file using a text editor in
place of y[1] it works.  It looks like a problem with the decoding of a 
string with "\" characters in it

Any further ideas


More information about the Python-list mailing list