On Thu, Jun 25, 2015 at 2:57 AM, Chris Angelico <ros...@gmail.com> wrote: > On Thu, Jun 25, 2015 at 7:41 PM, Devin Jeanpierre > <jeanpierr...@gmail.com> wrote: >>> I know that the OP doesn't propose using ROT-13, but a classical >>> substitution cipher isn't that much stronger. >> >> Yes, it is. It requires the attacker being able to see something about >> the ciphertext, unlike ROT13. But it is reasonable to suppose that >> maybe the attacker can trigger the file getting executed, at which >> point maybe you can deduce from the behavior what the starting bytes >> are...? >> > > If a symmetric cipher is being used and the key is known, anyone can > simply perform a decryption operation on the desired bytes, get back a > pile of meaningless encrypted junk, and submit that. When it's > encrypted with the same key, voila! The cleartext will reappear. > > Asymmetric ciphers are a bit different, though. AIUI you can't perform > a decryption without the private key, whereas you can encrypt with > only the public key. So you ought to be safe on that one; the only way > someone could deliberately craft input that, when encrypted with your > public key, produces a specific set of bytes, would be to brute-force > it. (But I might be wrong on that. I'm no crypto expert.)
Yes, so it should be random. -- Devin -- https://mail.python.org/mailman/listinfo/python-list
