Pure Python Data Mangling or Encrypting
alister.nospam.ware at ntlworld.com
Wed Jul 1 10:06:20 CEST 2015
On Tue, 30 Jun 2015 23:25:01 +0000, Jon Ribbens wrote:
> On 2015-06-30, Steven D'Aprano <steve at pearwood.info> wrote:
>> I don't think there has been much research into keeping at least *some*
>> security even when keys have been compromised, apart from as it relates
>> to two-factor authentication.
> That's because "the key" is all the secret part. If an attacker knows
> the algorithm, and the key, and the ciphertext, then *by definition* all
> is lost. If you mean keeping the algorithm secret too then that's just
> considered bad crypto.
>> In the past, and still today among people who don't understand
>> Kerckhoffs' principle, people have tried to keep the cipher secret and
>> not have a key at all. E.g. atbash, or caesar cipher, which once upon a
>> time were cutting edge ciphers, as laughably insecure as they are
>> today. If the method was compromised, all was lost.
> Caesar cipher has a key. It's just very small, so is easy to guess.
>> Today, if the key is compromised, all is lost. Is it possible that
>> there are ciphers that are resistant to discovery of the key? Obviously
>> if you know the key you can read encrypted messages, that's what the
>> key is for, but there are scenarios where you would want security to
>> degrade gracefully instead of in a brittle all-or-nothing manner:
>> - even if the attacker can read my messages, he cannot tamper with
>> them or write new ones as me.
> I suppose that could be achieved by having separate encryption and
> signing keys, but you could do the same but better by encrypting with
> multiple algorithms. It's not an unstudied area:
"The kipper flies at Midnight"
(from almost every WWII spy movie ever)
even if this message is decoded it is meaningless unless the attacker
also has the meanings of the Code phrases
(which would mean your agent had been captured anyway)
That's the funniest thing I've ever heard and I will _not_ condone it.
-- DyerMaker, 17 March 2000 MegaPhone radio show
More information about the Python-list