[wpkg-users] encryption and decryption
geremy condra
debatem1 at gmail.com
Sun Oct 18 03:28:49 CEST 2009
During a recent discussion on comp.lang.python
(http://groups.google.com/group/comp.lang.python/browse_thread/thread/8b0708e14fe5e7a8#)
I took a look at the code for CXmlSettings::Crypt and CXmlSettings::Decrypt,
and if you want I'd be happy to contribute the code to migrate those to a
modern, secure cipher. The current code is highly vulnerable to frequency
analysis, sliding window attacks, and other well-known, easily executed
attacks, including one-round chosen cipher- and plaintext attacks.
In addition to that, it stores the key in code, which essentially obviates
any security benefit that might be attained by encrypting the data in
the first place.
Geremy Condra
More information about the wpkg-users
mailing list