On Oct 18, 8:13 am, Toff <christophed...@gmail.com> wrote: > On 18 oct, 02:13, geremy condra <debat...@gmail.com> wrote: > > > > > On Sat, Oct 17, 2009 at 7:57 PM, David Robinow <drobi...@gmail.com> wrote: > > > On Sat, Oct 17, 2009 at 7:48 PM, geremy condra <debat...@gmail.com> wrote: > > >> For the love of baby kittens, please, please, please tell me that > > >> you do not believe this securely encrypts your data. > > > Yeah, I think it's pretty good. > > > Can you do better? > > > Trivially. Use AES, 3DES, any standard cryptosystem- there are > > literally dozens of excellent, well-studied implementations in > > both C++ and Python, and hardware implementations on many > > processors. > > > The cipher listed will fall in a single round of chosen plaintext > > attacks or chosen ciphertext attacks, and with a keylength of > > 40 bytes against a message length of 768 will give me roughly > > 19 windows on a single encryption. Frequency analysis is > > therefore going to be extremely profitable, not to mention > > trivially easy. > > > Geremy Condra > > Thanks a lot Tim ! > > @Geremy : > this is not a methode to encrypt data > it is more a methode to encode /decode strings > > for exemple to store passwords that need to be used by others > programs > yes it 's insecure > but there is no secure way to store password that 's need to be > retrieve > > PS : sorry for my english
Ok, what about SHA1? yeah, it is one-way cipher, but it is also all you need :). When user inputs the password, password is hashed using SHA1 and compared with already stored hash, if hashes are the same, password is correct. You can use this accross your applications and it will always work the same. (if someone forgets his password you can always use random generator to create new one) -- http://mail.python.org/mailman/listinfo/python-list
