On 27.06.2015 10:53, Chris Angelico wrote: > On Sat, Jun 27, 2015 at 6:38 PM, Steven D'Aprano <st...@pearwood.info> wrote: >> I'm not a security expert. I'm not even a talented amateur. *Every time* I >> suggest that "X is secure", the security guy at work shoots me down in >> flames. But nicely, because I pay his wages <wink> > > Just out of interest, is _anybody_ active in this thread an expert on > security?
Yes. I've done a good 10 years of work in the field doing security (mostly applied cryptography on embedded systems with a focus on side channels like DPA, but also security concepts and threat/risk analysis) and spent the last 3-4 years working on my PhD in the field of IT security. My thesis is almost(tm) finished. I would claim to be an expert, yes. > I certainly am not, which means that the proposal I'm > currently putting together probably has a whole bunch of > vulnerabilities that I haven't thought of. (Though there's no emphasis > on encryption anywhere, just signing. I'm *hoping* that RSA public key > verification is sufficient, but if it isn't, it would be possible for > a malicious user to make a serious mess of stuff.) But I'm under no > delusions. I don't say "this is secure" - all I'm saying is "this > works in proof-of-concept". I must admit that I haven't seen your ideas in this thread? Best regards, Johannes -- >> Wo hattest Du das Beben nochmal GENAU vorhergesagt? > Zumindest nicht öffentlich! Ah, der neueste und bis heute genialste Streich unsere großen Kosmologen: Die Geheim-Vorhersage. - Karl Kaos über Rüdiger Thomas in dsa <hidbv3$om2$1...@speranza.aioe.org> -- https://mail.python.org/mailman/listinfo/python-list