Steven D'Aprano wrote:
On Sat, 17 Oct 2009 19:48:46 -0400, geremy condra wrote:
For the love of baby kittens, please, please, please tell me that you do
not believe this securely encrypts your data.
Surely that depends on your threat model?
Well, let's let the OP off the hook immediately. He's just trying to
interoperate with another piece of software that wrote WPKG. So let's put all of
the blame, if any, on the WPKG authors.
I would say that this form of obfuscation is totally inadequate for WPKG's
actual threat model. The WPKG server, which performs unattended software
installation, appears to run with a very high level of privilege in Windows. It
implements its own authentication mechanism to allow low privilege clients to
access it and install software.
http://wpkg.org/System_User
It seems like the threat model has a large attack surface for a small
investment. You don't need NSA level attacks here, just a typical hacker's job.
It's certainly not unreasonable for this to be an easier target than social
engineering for a largish payoff (remote software deployment across an entire IT
infrastructure).
But perhaps this might be an acceptable choice if one were familiar with one's
own IT infrastructure and were implementing this oneself, but to distribute this
to other people....
And the thing is, it is actually pretty damn easy to do something standard and
possibly-secure than it is to roll-your-own definitely-insecure system. It
really doesn't buy you anything. There's just no reason to complicate matters.
There is nothing here to justify bad crypto.
--
Robert Kern
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
--
http://mail.python.org/mailman/listinfo/python-list
