On 06/28/2015 09:21 AM, Jon Ribbens wrote:
On 2015-06-27, Randall Smith <rand...@tnr.cc> wrote:
Thankyou. Nice points. I do think given the risks (there are always
risks) discussed, a successful attack of this nature is not very likely.
Worse case, something that looks like this would land on the disk.
crc32 checksum + translation table + malware
with a generated base64 name and no extension.
I'm not sure why you're bothering with the checksum, it doesn't seem
to me that it buys you anything. Personally I'd do something like
this (pseudocode):
Same reason newer filesystems like BTRFS use checkusms (BTRFS uses
CRC32). The storage machine runs periodic file integrity checks. It
has no control over the underlying filesystem.
def obfuscate(data):
encode_key = list(range(256))
random.shuffle(encode_key)
encode_key = bytes(encode_key)
decode_key = bytes(encode_key.index(i) for i in range(256))
return decode_key + data.translate(encode_key) + decode_key
def deobfuscate(data):
return data[256:-256].translate(data[:256])
The reason for appending the key as well as prepending it is that some
anti-virus or malware scanners may well look at the last part of the
file first, so putting something entirely locally-generated there may
add a bit of safety. You could also simply pad with nulls or something
of course, but again I can imagine some tools skipping backwards past
nulls.
--
https://mail.python.org/mailman/listinfo/python-list
