On Thu, Jun 25, 2015 at 7:41 PM, Devin Jeanpierre <jeanpierr...@gmail.com> wrote: >> I know that the OP doesn't propose using ROT-13, but a classical >> substitution cipher isn't that much stronger. > > Yes, it is. It requires the attacker being able to see something about > the ciphertext, unlike ROT13. But it is reasonable to suppose that > maybe the attacker can trigger the file getting executed, at which > point maybe you can deduce from the behavior what the starting bytes > are...? >
If a symmetric cipher is being used and the key is known, anyone can simply perform a decryption operation on the desired bytes, get back a pile of meaningless encrypted junk, and submit that. When it's encrypted with the same key, voila! The cleartext will reappear. Asymmetric ciphers are a bit different, though. AIUI you can't perform a decryption without the private key, whereas you can encrypt with only the public key. So you ought to be safe on that one; the only way someone could deliberately craft input that, when encrypted with your public key, produces a specific set of bytes, would be to brute-force it. (But I might be wrong on that. I'm no crypto expert.) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
