Can anyone suggest a good crypto package?
Sat Sep 6 02:53:31 CEST 2008
Fett <FettManChu at gmail.com> writes:
> I am having trouble seeing how I would post the encrypted data to a
> website and get it back without it changing some.
I don't understand why it would change. I'm a little confused though,
I didn't realize you wanted to post the data to a web site. What
exactly are you trying to do?
> By replay attack I assume you mean posting old data with the signature
> that is valid for that data?
Yes, the usual case is injecting an old message into a sequence of
messages that is part of a protocol.
> Thanks for the warning, I suppose I could include a date/timestamp
> in the data.
Be aware in general that security is a messy and difficult subject and
there are a lot of subtle errors you can make. You might look at some
of the articles at www.dwheeler.com or the book "Security Engineering"
(http://www.cl.cam.ac.uk/~rja14/book.html) to see some of the issues.
More information about the Python-list