Pure Python Data Mangling or Encrypting
Johannes Bauer
dfnsonfsduifb at gmx.de
Fri Jun 26 18:42:52 EDT 2015
On 26.06.2015 23:29, Jon Ribbens wrote:
>> While you seem to think that Steven is rampaging about nothing, he does
>> have a fair point: You consistently were vague about wheter you want to
>> have encryption, authentication or obfuscation of data. This suggests
>> that you may not be so sure yourself what it is you actually want.
>
> He hasn't been vague, you and Steven just haven't been paying
> attention.
Bullshit. Even the topic indicates that he doesn't know what he wants:
"data mangling" or "encryption", which one is it?
>> You always play around with the 256! which would be a ridiculously high
>> security margin (1684 bits of security, woooo!). You totally ignore that
>> the system can be broken in a linear fashion.
>
> No, it can't, because the attacker does not have access to the
> ciphertext.
Or so you claim.
I could go into detail about how the assumtion that the ciphertext is
secret is not a smart one in the context of cryptography. And how side
channels and other leakage may affect overall system security. But I'm
going to save my time on that. I do get paid to review cryptographic
systems and part of the job is dealing with belligerent people who have
read Schneier's blog and think they can outsmart anyone else. Since I
don't get paid to convice you, it's absolutely fine that you think your
substitution scheme is the grand prize.
>> Nobody assumes you're a moron. But it's safe to assume that you're a
>> crypto layman, because only laymen have no clue on how difficult it is
>> to get cryptography even remotely right.
>
> Amateur crypto is indeed a bad idea. But what you're still not getting
> is that what he's doing here *isn't crypto*.
So the topic says "Encrypting". If you look really closely at the word,
the part "crypt" might give away to you that cryptography is involved.
> He's just trying to avoid
> letting third parties write completely arbitrary data to the disk.
There's your requirement. Then there's obviously some kind of
implication when a third party *can* write arbitrary data to disk. And
your other solution to that problem...
> You
> know what would be a perfectly good solution to his problem? Base 64
> encoding. That would solve the issue pretty much completely, the only
> reason it's not an ideal solution is that it of course increases the
> size of the data.
...wow.
That's a nice interpretation of not letting a third party write
completely arbitrary data. According to your definition, this would be:
It's okay if the attacker can control 6 of 8 bits.
>> That people in 2015 actually defend inventing a substitution-cipher
>> "crypto"system sends literally shivers down my spine.
>
> Nobody is defending such a thing, you just haven't understood what
> problem is being solved here.
Oh I understand your "solutions" plenty well. The only thing I don't
understand is why you don't own a Fields medal yet for your
groundbreaking work on bulletproof obfuscation.
Cheers,
Johannes
--
>> Wo hattest Du das Beben nochmal GENAU vorhergesagt?
> Zumindest nicht öffentlich!
Ah, der neueste und bis heute genialste Streich unsere großen
Kosmologen: Die Geheim-Vorhersage.
- Karl Kaos über Rüdiger Thomas in dsa <hidbv3$om2$1 at speranza.aioe.org>
More information about the Python-list
mailing list