Pure Python Data Mangling or Encrypting
Devin Jeanpierre
jeanpierreda at gmail.com
Sat Jun 27 16:30:06 EDT 2015
On Fri, Jun 26, 2015 at 11:16 PM, Steven D'Aprano <steve at pearwood.info> wrote:
> On Sat, 27 Jun 2015 02:05 pm, Devin Jeanpierre wrote:
>
>> On Fri, Jun 26, 2015 at 8:38 PM, Steven D'Aprano <steve at pearwood.info>
>> wrote:
>>> Now you say that the application encrypts the data, except that the user
>>> can turn that option off.
>>>
>>> Just make the AES encryption mandatory, not optional. Then the user
>>> cannot upload unencrypted malicious data, and the receiver cannot read
>>> the data. That's two problems solved.
>>
>> No, because another application could pretend to be the file-sending
>> application, but send unencrypted data instead of encrypted data.
>
> Did you stop reading my post when you got to that? Because I went on to say:
At that point I quit in frustration, yeah.
> "Actually, the more I think about this, the more I come to think that the
> only way this can be secure is for both the sending client application and
> the receiving client appl to both encrypt the data. The sender can't
> trust the receiver not to read the files, so the sender has to encrypt; the
> receiver can't trust the sender not to send malicious files, so the
> receiver has to encrypt too."
When you realize you've said something completely wrong, you should
edit your email.
-- Devin
More information about the Python-list
mailing list