On Wed, Oct 21, 2009 at 3:28 AM, Processor-Dev1l <processor.de...@gmail.com> wrote:
> On Oct 18, 8:13 am, Toff <christophed...@gmail.com> wrote:
>> On 18 oct, 02:13, geremy condra <debat...@gmail.com> wrote:
>>
>> > On Sat, Oct 17, 2009 at 7:57 PM, David Robinow <drobi...@gmail.com> wrote:
>> > > On Sat, Oct 17, 2009 at 7:48 PM, geremy condra <debat...@gmail.com>
>> > > wrote:
>> > >> For the love of baby kittens, please, please, please tell me that
>> > >> you do not believe this securely encrypts your data.
>> > > Yeah, I think it's pretty good.
>> > > Can you do better?
>>
>> > Trivially. Use AES, 3DES, any standard cryptosystem- there are
>> > literally dozens of excellent, well-studied implementations in
>> > both C++ and Python, and hardware implementations on many
>> > processors.
>>
>> > The cipher listed will fall in a single round of chosen plaintext
>> > attacks or chosen ciphertext attacks, and with a keylength of
>> > 40 bytes against a message length of 768 will give me roughly
>> > 19 windows on a single encryption. Frequency analysis is
>> > therefore going to be extremely profitable, not to mention
>> > trivially easy.
>>
>> > Geremy Condra
>>
>> Thanks a lot Tim !
>>
>> @Geremy :
>> this is not a method to encrypt data
>> it is more a method to encode/decode strings
>>
>> for example to store passwords that need to be used by other
>> programs
>> yes it's insecure
>> but there is no secure way to store a password that needs to be
>> retrieved
>>
>> PS : sorry for my English
>
> Ok, what about SHA1? yeah, it is one-way cipher, but it is also all
> you need :).
> When user inputs the password, password is hashed using SHA1 and
> compared with already stored hash, if hashes are the same, password is
> correct. You can use this across your applications and it will always
> work the same.
> (if someone forgets his password you can always use random generator
> to create new one)

Unfortunately, without input from the dev team over there I can't do
much more than bemoan the current situation. You are right though-
while replay attacks would be a problem it would be much more
resistant to attack than the current system.

Geremy Condra
-- 
http://mail.python.org/mailman/listinfo/python-list