lightweight encryption of text file

Paul Rubin at nospam.invalid
Sun Jan 10 17:54:51 CET 2010

Nobody <nobody at> writes:
> RC4 (aka ArcFour) is quite trivial to implement, and better than inventing
> your own cipher or using a Vignere: ...

That's a cute implementation, but it has no authentication and doesn't
include any randomness, which means if you use the same key for two
inputs, there is a security failure (xor'ing the two ciphertexts reveals
the xor of the plaintexts).  It also looks rather slow.  I don't make
any guarantees about, but it has been reviewed by several experts
and appears to be reasonably sound for the type of casual use being
discussed here, and it is tuned for speed (given the implementation
constraints).  For more demanding purposes, you should use a more
serious library like one of the OpenSSL wrappers.

More information about the Python-list mailing list