Can anyone suggest a good crypto package?

Paul Rubin http
Sat Sep 6 02:53:31 CEST 2008


Fett <FettManChu at gmail.com> writes:
> I am having trouble seeing how I would post the encrypted data to a
> website and get it back without it changing some. 

I don't understand why it would change.  I'm a little confused though,
I didn't realize you wanted to post the data to a web site.  What
exactly are you trying to do?

> By replay attack I assume you mean posting old data with the signature
> that is valid for that data? 

Yes, the usual case is injecting an old message into a sequence of
messages that is part of a protocol.

> Thanks for the warning, I suppose I could include a date/timestamp
> in the data.

Be aware in general that security is a messy and difficult subject and
there are a lot of subtle errors you can make.  You might look at some
of the articles at www.dwheeler.com or the book "Security Engineering"
(http://www.cl.cam.ac.uk/~rja14/book.html) to see some of the issues.



More information about the Python-list mailing list