Python as network protocol

Steven D'Aprano steve at REMOVE-THIS-cybersource.com.au
Tue Nov 10 20:08:35 CET 2009


On Tue, 10 Nov 2009 12:28:49 -0500, geremy condra wrote:

> Steven, remember a few weeks ago when you tried to explain to me that
> the person who was storing windows administrative passwords using a 40
> byte xor cipher with the hardcoded password might not be doing something
> stupid because I didn't know what their threat model was? Yeah- what you
> just said is what I was trying to explain then.

No, I'm sure that wasn't me... perhaps some other Steven D'Aprano... from 
the Evil Dimension...

*wink*

Seriously, I'm not sure if I knew that the person was storing Windows 
admin passwords at the time. If I had, I probably would have agreed with 
you. But using a 40 byte xor cipher to obfuscate some strings in a game 
is perfectly valid -- not every locked box needs to be a safe with 18 
inch tempered steel walls.

I can only repeat what I said to Daniel: can you guarantee that the nice 
safe, low-risk environment will never change? If not, then choose a more 
realistic threat model, and build the walls of your locked box 
accordingly.


-- 
Steven



More information about the Python-list mailing list