erikcw napisal(a): > But that can't be reversed, right? I'd like to be able to decrypt the > data instead of having to store the hash in my database... In such case it seems you have no choice but to use a symmetric encryption algorithm - in other words, your original method. If the strings are ~20 bytes long (3 DES blocks), then the base64-encoded ciphertext will have 32 characters. In case of AES, that'll be up to 45 characters. Wouldn't such length be acceptable?
Paul Rubin napisal(a): > 2. What happens if the user edits the subject line? > Under normal security requirements you cannot do this. The ciphertext > has to be longer than the plaintext since you don't want the opponent > to be able to tell whether two plaintexts are the same. Therefore you > have to attach some random padding to each plaintext. Also, you > presumably want the ciphertext to be encoded as printing characters, > while normally you'd treat the input as binary, so there is some > further expansion. If what erikcw is looking for is a cryptographically secure protocol, there are more things to be careful about, like authentication or replay attacks. But indeed, I'm wondering now what his use-case is. > I'm using this encrypted string to identify emails from a > user. (the string will be in the subject line of the email). Why not use "From" field to identify emails from a particular user? Regards, Marek -- http://mail.python.org/mailman/listinfo/python-list