On 26.06.2015 23:29, Jon Ribbens wrote: >> While you seem to think that Steven is rampaging about nothing, he does >> have a fair point: You consistently were vague about wheter you want to >> have encryption, authentication or obfuscation of data. This suggests >> that you may not be so sure yourself what it is you actually want. > > He hasn't been vague, you and Steven just haven't been paying > attention.
Bullshit. Even the topic indicates that he doesn't know what he wants: "data mangling" or "encryption", which one is it? >> You always play around with the 256! which would be a ridiculously high >> security margin (1684 bits of security, woooo!). You totally ignore that >> the system can be broken in a linear fashion. > > No, it can't, because the attacker does not have access to the > ciphertext. Or so you claim. I could go into detail about how the assumtion that the ciphertext is secret is not a smart one in the context of cryptography. And how side channels and other leakage may affect overall system security. But I'm going to save my time on that. I do get paid to review cryptographic systems and part of the job is dealing with belligerent people who have read Schneier's blog and think they can outsmart anyone else. Since I don't get paid to convice you, it's absolutely fine that you think your substitution scheme is the grand prize. >> Nobody assumes you're a moron. But it's safe to assume that you're a >> crypto layman, because only laymen have no clue on how difficult it is >> to get cryptography even remotely right. > > Amateur crypto is indeed a bad idea. But what you're still not getting > is that what he's doing here *isn't crypto*. So the topic says "Encrypting". If you look really closely at the word, the part "crypt" might give away to you that cryptography is involved. > He's just trying to avoid > letting third parties write completely arbitrary data to the disk. There's your requirement. Then there's obviously some kind of implication when a third party *can* write arbitrary data to disk. And your other solution to that problem... > You > know what would be a perfectly good solution to his problem? Base 64 > encoding. That would solve the issue pretty much completely, the only > reason it's not an ideal solution is that it of course increases the > size of the data. ...wow. That's a nice interpretation of not letting a third party write completely arbitrary data. According to your definition, this would be: It's okay if the attacker can control 6 of 8 bits. >> That people in 2015 actually defend inventing a substitution-cipher >> "crypto"system sends literally shivers down my spine. > > Nobody is defending such a thing, you just haven't understood what > problem is being solved here. Oh I understand your "solutions" plenty well. The only thing I don't understand is why you don't own a Fields medal yet for your groundbreaking work on bulletproof obfuscation. Cheers, Johannes -- >> Wo hattest Du das Beben nochmal GENAU vorhergesagt? > Zumindest nicht öffentlich! Ah, der neueste und bis heute genialste Streich unsere großen Kosmologen: Die Geheim-Vorhersage. - Karl Kaos über Rüdiger Thomas in dsa <hidbv3$om2$1...@speranza.aioe.org> -- https://mail.python.org/mailman/listinfo/python-list