lightweight encryption of text file

Paul Rubin no.email at nospam.invalid
Sun Jan 10 17:54:51 CET 2010


Nobody <nobody at nowhere.com> writes:
> RC4 (aka ArcFour) is quite trivial to implement, and better than inventing
> your own cipher or using a Vignere: ...

That's a cute implementation, but it has no authentication and doesn't
include any randomness, which means if you use the same key for two
inputs, there is a security failure (xor'ing the two ciphertexts reveals
the xor of the plaintexts).  It also looks rather slow.  I don't make
any guarantees about p3.py, but it has been reviewed by several experts
and appears to be reasonably sound for the type of casual use being
discussed here, and it is tuned for speed (given the implementation
constraints).  For more demanding purposes, you should use a more
serious library like one of the OpenSSL wrappers.



More information about the Python-list mailing list