help to convert c++ fonction in python

geremy condra debatem1 at gmail.com
Wed Oct 21 11:50:45 EDT 2009 

On Wed, Oct 21, 2009 at 3:28 AM, Processor-Dev1l
<processor.dev1l at gmail.com> wrote:
> On Oct 18, 8:13 am, Toff <christophed... at gmail.com> wrote:
>> On 18 oct, 02:13, geremy condra <debat... at gmail.com> wrote:
>>
>>
>>
>> > On Sat, Oct 17, 2009 at 7:57 PM, David Robinow <drobi... at gmail.com> wrote:
>> > > On Sat, Oct 17, 2009 at 7:48 PM, geremy condra <debat... at gmail.com> wrote:
>> > >> For the love of baby kittens, please, please, please tell me that
>> > >> you do not believe this securely encrypts your data.
>> > >  Yeah, I think it's pretty good.
>> > > Can you do better?
>>
>> > Trivially. Use AES, 3DES, any standard cryptosystem- there are
>> > literally dozens of excellent, well-studied implementations in
>> > both C++ and Python, and hardware implementations on many
>> > processors.
>>
>> > The cipher listed will fall in a single round of chosen plaintext
>> > attacks or chosen ciphertext attacks, and with a keylength of
>> > 40 bytes against a message length of 768 will give me roughly
>> > 19 windows on a single encryption. Frequency analysis is
>> > therefore going to be extremely profitable, not to mention
>> > trivially easy.
>>
>> > Geremy Condra
>>
>> Thanks a lot Tim !
>>
>> @Geremy :
>> this is not a methode to encrypt data
>> it is more a methode to encode /decode strings
>>
>> for exemple to store passwords that need  to be used by others
>> programs
>> yes it 's insecure
>> but there is no secure way to store password that 's need to be
>> retrieve
>>
>> PS : sorry for my english
>
> Ok, what about SHA1? yeah, it is one-way cipher, but it is also all
> you need :).
> When user inputs the password, password is hashed using SHA1 and
> compared with already stored hash, if hashes are the same, password is
> correct. You can use this accross your applications and it will always
> work the same.
> (if someone forgets his password you can always use random generator
> to create new one)

Unfortunately, without input from the dev team over there
I can't do much more than bemoan the current situation.
You are right though- while replay attacks would be a
problem it would be much more resistant to attack than
the current system.

Geremy Condra

More information about the Python-list mailing list