lightweight encryption of text file

Robert Kern robert.kern at gmail.com
Mon Jan 11 17:49:30 EST 2010 

On 2010-01-11 14:09 PM, Anthra Norell wrote:
> Robert Kern wrote:
>> On 2010-01-09 03:52 AM, Anthra Norell wrote:

>>> "Don't use a random generator for encryption purposes!" warns the
>>> manual, of which fact I was reminded in no uncertain terms on this forum
>>> a few years ago when I proposed the following little routine in response
>>> to a post very similar to yours. One critic challenged me to encode my
>>> credit card data and post it. Which I did.
>>
>> Actually, you just "encrypted" your credit card number and challenged
>> comp.lang.python to crack it. No one challenged you to do anything of
>> the sort. Fortunately, the ever-watchful eye of Google was upon us
>> that day:
>>
>> http://groups.google.com/group/comp.lang.python/browse_thread/thread/5fb9ffada975bae9?pli=1
>>
> My dear Robert. Thank you for the clarification. You are right. The
> thread recorded by Google doesn't mention the credit card detail. I
> remember it distinctly, though. I also remember that it wasn't my idea.
> And I recall being urged by another, well-mannered, member of this group
> to call it off right away. He wrote--I pretty much quote: "...there must
> be a number of machines out there grinding away at your code right now!"

You are probably remembering James Stroud's post, but it came in response to 
your challenge.

http://www.opensubscriber.com/message/python-list@python.org/1393006.html

>>> Upon which another critic
>>> conjured up the horror vision of gigahertzes hacking my pathetic little
>>> effort to pieces as I was reading his message. Of the well-meaning kind,
>>> he urged me to put an immediate stop to this foolishness. I didn't.
>>>
>>> No unplanned expenditures ensued.
>>
>> That's because comp.lang.python is not full of thieves, not because
>> your algorithm is worth a damn.
 >
> You're right about the thieves. You have a point about my algorithm,
> although you might express it in a fashion that lives up to its merits.
> My algorithm would not resist a brute-force attack that iterates through
> all possible keys and analyzes the outcome for non-randomness. I knew
> that then and so I posted a second-level encryption, that is, an
> encryption of an encryption. Thus the brute-force attack wouldn't find
> anything non-random. By not disclosing the detail I may have breached
> some formal rule of the craft.

So, you're saying that you lied about the encryption algorithm used in your 
challenge. USENET has no (or very few) formal rules for you to breach, but lying 
certainly isn't ethical behavior. Honestly, it's okay to not be a good 
cryptographer. I'm not. But it is very much not okay to be a liar.

-- 
Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
  that is made terrible by our own mad attempt to interpret it as though it had
  an underlying truth."
   -- Umberto Eco

More information about the Python-list mailing list