On 26.06.2015 22:09, Randall Smith wrote: > You've gone on a rampage about nothing. My original description said > the client was supposed to encrypt the data, but you want to assume the > opposite for some unknown reason.
While you seem to think that Steven is rampaging about nothing, he does have a fair point: You consistently were vague about wheter you want to have encryption, authentication or obfuscation of data. This suggests that you may not be so sure yourself what it is you actually want. All Steven is doing is pointing out that people do good crypto for a reason. It's 2015 and we're still discussion "substitution ciphers", really? Good crypto is available, it's fast, it has awesome cryptanalysis. All Steven is pointing out is that when ten crypto-laymen meet in a Python newsgroup and think they have invented a soooper secure scheme, it may still be complete and utter crap. Just not everone can see it. You always play around with the 256! which would be a ridiculously high security margin (1684 bits of security, woooo!). You totally ignore that the system can be broken in a linear fashion. I don't need to know all 256 characters to do damage, sometimes even a handful will already give me part of what I need and the option to crack more and more. This is something that would ultimately and instantly disqualify your "crypto"system as utterly insecure. Nobody assumes you're a moron. But it's safe to assume that you're a crypto layman, because only laymen have no clue on how difficult it is to get cryptography even remotely right. Everyone who knows the trade uses proven constructions not because it's inconvenient, but because it's one of the very few ways to achieve a secure system. That said, for your solution this type of obfuscation may be fine. And chances are that nobody will ever notice. But don't claim you weren't warned about the abyss when you designed your solution and people break this stuff. Because then you might *look* like a moron (even if you're not), since the first question people will ask will be: "Why? Why on earth?" It's a blatantly obvious bad idea(tm). That people in 2015 actually defend inventing a substitution-cipher "crypto"system sends literally shivers down my spine. Cheers, Johannes -- >> Wo hattest Du das Beben nochmal GENAU vorhergesagt? > Zumindest nicht öffentlich! Ah, der neueste und bis heute genialste Streich unsere großen Kosmologen: Die Geheim-Vorhersage. - Karl Kaos über Rüdiger Thomas in dsa <hidbv3$om2$1...@speranza.aioe.org> -- https://mail.python.org/mailman/listinfo/python-list
