Johannes, I agree with a lot of what you say, but can you please have less of a mean attitude?
-- Devin On Fri, Jun 26, 2015 at 3:42 PM, Johannes Bauer <dfnsonfsdu...@gmx.de> wrote: > On 26.06.2015 23:29, Jon Ribbens wrote: > >>> While you seem to think that Steven is rampaging about nothing, he does >>> have a fair point: You consistently were vague about wheter you want to >>> have encryption, authentication or obfuscation of data. This suggests >>> that you may not be so sure yourself what it is you actually want. >> >> He hasn't been vague, you and Steven just haven't been paying >> attention. > > Bullshit. Even the topic indicates that he doesn't know what he wants: > "data mangling" or "encryption", which one is it? > >>> You always play around with the 256! which would be a ridiculously high >>> security margin (1684 bits of security, woooo!). You totally ignore that >>> the system can be broken in a linear fashion. >> >> No, it can't, because the attacker does not have access to the >> ciphertext. > > Or so you claim. > > I could go into detail about how the assumtion that the ciphertext is > secret is not a smart one in the context of cryptography. And how side > channels and other leakage may affect overall system security. But I'm > going to save my time on that. I do get paid to review cryptographic > systems and part of the job is dealing with belligerent people who have > read Schneier's blog and think they can outsmart anyone else. Since I > don't get paid to convice you, it's absolutely fine that you think your > substitution scheme is the grand prize. > >>> Nobody assumes you're a moron. But it's safe to assume that you're a >>> crypto layman, because only laymen have no clue on how difficult it is >>> to get cryptography even remotely right. >> >> Amateur crypto is indeed a bad idea. But what you're still not getting >> is that what he's doing here *isn't crypto*. > > So the topic says "Encrypting". If you look really closely at the word, > the part "crypt" might give away to you that cryptography is involved. > >> He's just trying to avoid >> letting third parties write completely arbitrary data to the disk. > > There's your requirement. Then there's obviously some kind of > implication when a third party *can* write arbitrary data to disk. And > your other solution to that problem... > >> You >> know what would be a perfectly good solution to his problem? Base 64 >> encoding. That would solve the issue pretty much completely, the only >> reason it's not an ideal solution is that it of course increases the >> size of the data. > > ...wow. > > That's a nice interpretation of not letting a third party write > completely arbitrary data. According to your definition, this would be: > It's okay if the attacker can control 6 of 8 bits. > >>> That people in 2015 actually defend inventing a substitution-cipher >>> "crypto"system sends literally shivers down my spine. >> >> Nobody is defending such a thing, you just haven't understood what >> problem is being solved here. > > Oh I understand your "solutions" plenty well. The only thing I don't > understand is why you don't own a Fields medal yet for your > groundbreaking work on bulletproof obfuscation. > > Cheers, > Johannes > > -- >>> Wo hattest Du das Beben nochmal GENAU vorhergesagt? >> Zumindest nicht öffentlich! > Ah, der neueste und bis heute genialste Streich unsere großen > Kosmologen: Die Geheim-Vorhersage. > - Karl Kaos über Rüdiger Thomas in dsa <hidbv3$om2$1...@speranza.aioe.org> > -- > https://mail.python.org/mailman/listinfo/python-list -- https://mail.python.org/mailman/listinfo/python-list