ANN: obfuscate
in [Python]
|
Prev: Read PGM's with more than 256 range in PIL1.1.7
Next: come and join www.pakdub.com where u can find friends, classifieds, games, music albums, events, blogs, chatrooms, video songs and lot more.... for free
From: Christian Heimes on 9 Feb 2010 20:03 Stef Mientki wrote: > sorry I don't, > unless Python is only meant for the very well educated people in encryption. All algorithms in obfuscate are obsolete, insecure and only interesting for people *that* want to get well educated in the history of encryption. > I neither did look at the code, > but as a beginner with just 3 years of experience in Python, > I've tried several scrambling libs, for a quick and dirty use. > All were much too difficult, so I made my own xor-something. > Coming from Delphi, a scrambling lib is working is less than 10 minutes, > without the need of any knowledge of encryption. > I prefer Python over Delphi, but some things are made very complex in > Python. It's tricky to implement modern cryptographic algorithms with Python. Most example codes are written in C and the implementations are using overflow (e.g. 255 + 1 == 0) a lot. It took me twice as long to get the TEA family (TEA, XTEA, XXTEA) crypt functions right in Python than I required to wrap existing code in an handwritten C interface. One of the strongest encryption algorithm in the list -- Vigen�re -- was crack over 150 years (!) ago. A much, much stronger version of the principles behind Vigen�re was used in the German Enigma machine. Because the algorithm was still not good enought some clever guy called Turing and his team was able to crack the enigma. It's one of the main reasons the Germans were defeated and the world doesn't look like in Robert Harris "Fatherland" today. Oh, and we go computers, too. ;) Grab pycrypto, m2crypto or one of the other packages if you need a minimum amount of security. Christian
From: Ben Finney on 9 Feb 2010 20:24 Christian Heimes <lists(a)cheimes.de> writes: > All algorithms in obfuscate are obsolete, insecure and only > interesting for people *that* want to get well educated in the history > of encryption. Not true. Another use case is suggested by the chosen name for the library: to obfuscate text against casual human reading, while not making it at all difficult to decrypt by people who are motivated to do so. The classic example is rot-13 encryption of text in internet messages; it would be a failure of imagination to suggest there are not other, similar use cases. > Grab pycrypto, m2crypto or one of the other packages if you need a > minimum amount of security. Agreed. However, for cases that *don't* need security from determined attackers, I don't think those obviate the usefulness of this library. -- \ “Reality must take precedence over public relations, for nature | `\ cannot be fooled.” —Richard P. Feynman | _o__) | Ben Finney
From: Steven D'Aprano on 9 Feb 2010 20:35 On Wed, 10 Feb 2010 02:03:47 +0100, Christian Heimes wrote: > Stef Mientki wrote: >> sorry I don't, >> unless Python is only meant for the very well educated people in >> encryption. > > All algorithms in obfuscate are obsolete, insecure and only interesting > for people *that* want to get well educated in the history of > encryption. [...] > Grab pycrypto, m2crypto or one of the other packages if you need a > minimum amount of security. As the author of obfuscate, I would like to second Christian's statement. obfuscate is NOT meant for serious security, as I state in both the source code and the documentation to the module. That's not to say that it can't be useful for some people -- I wouldn't have spent the time writing it if I didn't think it was useful. But it is useful for obfuscation, education and puzzles, not for secure encryption. I'm not sure how serious the calls for this to be added to the standard library are. If they're serious, I'm grateful for the votes of confidence from people, but I can't imagine Guido saying yes. In any case, it's premature to talk about adding it to the std library while it is still in alpha. Thank you for all the comments, even the tongue-in-cheek ones. This has exceeded my wildest expectations! I'm always interested in feedback, good and bad, either publicly or privately. -- Steven
From: Daniel Fetchinson on 10 Feb 2010 06:06 >> All algorithms in obfuscate are obsolete, insecure and only >> interesting for people *that* want to get well educated in the history >> of encryption. > > Not true. Another use case is suggested by the chosen name for the > library: to obfuscate text against casual human reading, while not > making it at all difficult to decrypt by people who are motivated to do > so. > > The classic example is rot-13 encryption of text in internet messages; > it would be a failure of imagination to suggest there are not other, > similar use cases. I fully agree. Judging by the posts on c.l.p the need for simple obfuscation regularly comes up. I also posted something not so long ago and got all sorts of useful advice, a package here, a module there, etc. It also turned out that everybody mostly writes his/her own obfuscation routine. That is why I suggested that perhaps if the code base stabilizes an inclusion into the stdlib could be discussed. I'm not sure it really needs to go there but if it turns out that as many people need this kind of stuff as I imagine it, well, then we have enough use cases for sure. >> Grab pycrypto, m2crypto or one of the other packages if you need a >> minimum amount of security. > > Agreed. However, for cases that *don't* need security from determined > attackers, I don't think those obviate the usefulness of this library. Exactly. Cheers, Daniel -- Psss, psss, put it down! - http://www.cafepress.com/putitdown
From: Simon Brunning on 10 Feb 2010 06:23
On 10 February 2010 01:24, Ben Finney <ben+python(a)benfinney.id.au> wrote: > The classic example is rot-13 encryption of text in internet messages; > it would be a failure of imagination to suggest there are not other, > similar use cases. That's built-in: >>> "Hello World!".encode('rot-13') 'Uryyb Jbeyq!' -- Cheers, Simon B. |