On Tue, 10 Nov 2009 12:28:49 -0500, geremy condra wrote:

> Steven, remember a few weeks ago when you tried to explain to me that
> the person who was storing windows administrative passwords using a 40
> byte xor cipher with the hardcoded password might not be doing something
> stupid because I didn't know what their threat model was? Yeah- what you
> just said is what I was trying to explain then.

No, I'm sure that wasn't me... perhaps some other Steven D'Aprano... from the Evil Dimension... *wink*

Seriously, I'm not sure if I knew that the person was storing Windows admin passwords at the time. If I had, I probably would have agreed with you. But using a 40 byte xor cipher to obfuscate some strings in a game is perfectly valid -- not every locked box needs to be a safe with 18 inch tempered steel walls.

I can only repeat what I said to Daniel: can you guarantee that the nice safe, low-risk environment will never change? If not, then choose a more realistic threat model, and build the walls of your locked box accordingly.

--
Steven