On Tue, Oct 20, 2009 at 2:06 AM, Robert Kern <robert.k...@gmail.com> wrote:

> Steven D'Aprano wrote:
>>
>> On Sat, 17 Oct 2009 19:48:46 -0400, geremy condra wrote:
>>
>>> For the love of baby kittens, please, please, please tell me that you do
>>> not believe this securely encrypts your data.
>>
>> Surely that depends on your threat model?
>
> Well, let's let the OP off the hook immediately. He's just trying to
> interoperate with another piece of software that wrote WPKG. So let's put
> all of the blame, if any, on the WPKG authors.

True enough. I wrote to the WPKG mailing list and offered to provide a patch to migrate them to a standard (and reasonably secure) cryptosystem, but despite a number of enthusiastic replies from board members, I've heard nothing from anybody with commit access.

> I would say that this form of obfuscation is totally inadequate for WPKG's
> actual threat model. The WPKG server, which performs unattended software
> installation, appears to run with a very high level of privilege in Windows.
> It implements its own authentication mechanism to allow low privilege
> clients to access it and install software.
>
> http://wpkg.org/System_User
>
> It seems like the threat model has a large attack surface for a small
> investment. You don't need NSA level attacks here, just a typical hacker's
> job. It's certainly not unreasonable for this to be an easier target than
> social engineering for a largish payoff (remote software deployment across
> an entire IT infrastructure).
>
> But perhaps this might be an acceptable choice if one were familiar with
> one's own IT infrastructure and were implementing this oneself, but to
> distribute this to other people....
>
> And the thing is, it is actually pretty damn easy to do something standard
> and possibly-secure than it is to roll-your-own definitely-insecure system.
> It really doesn't buy you anything. There's just no reason to complicate
> matters. There is nothing here to justify bad crypto.
>
> --
> Robert Kern

Well said.

Geremy Condra
--
http://mail.python.org/mailman/listinfo/python-list