help to convert c++ fonction in python

geremy condra debatem1 at gmail.com
Tue Oct 20 08:51:20 CEST 2009


On Tue, Oct 20, 2009 at 2:06 AM, Robert Kern <robert.kern at gmail.com> wrote:
> Steven D'Aprano wrote:
>>
>> On Sat, 17 Oct 2009 19:48:46 -0400, geremy condra wrote:
>>
>>> For the love of baby kittens, please, please, please tell me that you do
>>> not believe this securely encrypts your data.
>>
>> Surely that depends on your threat model?
>
> Well, let's let the OP off the hook immediately. He's just trying to
> interoperate with another piece of software that wrote WPKG. So let's put
> all of the blame, if any, on the WPKG authors.
>

True enough. I wrote to the WPKG mailing list and offered to provide
a patch to migrate them to a standard (and reasonably secure)
cryptosystem, but despite a number of enthusiastic replies from board
members, I've heard nothing from anybody with commit access.

> I would say that this form of obfuscation is totally inadequate for WPKG's
> actual threat model. The WPKG server, which performs unattended software
> installation, appears to run with a very high level of privilege in Windows.
> It implements its own authentication mechanism to allow low privilege
> clients to access it and install software.
>
>  http://wpkg.org/System_User
>
> It seems like the threat model has a large attack surface for a small
> investment. You don't need NSA level attacks here, just a typical hacker's
> job. It's certainly not unreasonable for this to be an easier target than
> social engineering for a largish payoff (remote software deployment across
> an entire IT infrastructure).
>
> But perhaps this might be an acceptable choice if one were familiar with
> one's own IT infrastructure and were implementing this oneself, but to
> distribute this to other people....
>
> And the thing is, it is actually pretty damn easy to do something standard
> and possibly-secure than it is to roll-your-own definitely-insecure system.
> It really doesn't buy you anything. There's just no reason to complicate
> matters. There is nothing here to justify bad crypto.
>
> --
> Robert Kern

Well said.

Geremy Condra



More information about the Python-list mailing list