Can anyone suggest a good crypto package?

Fett FettManChu at gmail.com
Fri Sep 5 17:08:26 CEST 2008


On Sep 4, 8:04 pm, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:
> If you just want to authenticate the strings without confidentiality,
> use the built-in HMAC module.  But beware of replay attacks.

I looked into this and it looks like I might be able to get by with
this. I didn't find this function before, I am asking my primary
customer if the signature would be sufficient.

I am having trouble seeing how I would post the encrypted data to a
website and get it back without it changing some. So this option might
work better for me (at least quicker), if he's ok with that option.

By replay attack I assume you mean posting old data with the signature
that is valid for that data? Thanks for the warning, I suppose I could
include a date/timestamp in the data.

Thanks again, this has been very helpful.



More information about the Python-list mailing list