ANN: obfuscate
Steven D'Aprano
http://pypi.python.org/pypi/obfuscate/0.2.2a
obfuscate is a pure-Python module providing classical encryption
algorithms suitable for obfuscating and unobfuscating text.
obfuscate includes the following ciphers:
- Caesar, rot13, rot5, rot18, rot47
- atbash
- Playfair, Playfair6 and Playfair16
- Railfence (encryption only)
- Keyword
- Affine
- Vigenere
- frob (xor)
and others.
DISCLAIMER: obfuscate is not cryptographically strong, and should not be
used where high security is required. (The ciphers provided in obfuscate
may have been state of the art centuries ago, but should not be used
where strong encryption is required.
obfuscate is released under the MIT licence.
Requires Python 2.5 or 2.6.
--
Steven D'Aprano
Christian Heimes
> I am pleased to announce the first public release of obfuscate 0.2.2a.
>
> http://pypi.python.org/pypi/obfuscate/0.2.2a
>
> obfuscate is a pure-Python module providing classical encryption
> algorithms suitable for obfuscating and unobfuscating text.
>
> obfuscate includes the following ciphers:
> - Caesar, rot13, rot5, rot18, rot47
> - atbash
> - Playfair, Playfair6 and Playfair16
> - Railfence (encryption only)
> - Keyword
> - Affine
> - Vigenere
> - frob (xor)
Nice work!
Your work should be interesting for everybody who has read Simon Sing's
"The Code Book: The Science of Secrecy from Ancient Egypt to Quantum".
Christian
geremy condra
> http://mail.python.org/mailman/listinfo/python-list
>
Nice! Maybe someday you can extend it with a pen-and-paper
signature scheme ;)
Geremy Condra
Tim Chase
> obfuscate is a pure-Python module providing classical encryption
> algorithms suitable for obfuscating and unobfuscating text.
>
> obfuscate includes the following ciphers:
> - Caesar, rot13, rot5, rot18, rot47
> - atbash
> - Playfair, Playfair6 and Playfair16
> - Railfence (encryption only)
> - Keyword
> - Affine
> - Vigenere
> - frob (xor)
I prefer the strength of Triple ROT-13 for my obfuscation needs,
but I don't see it listed here. I guess I'll have to roll my own
despite the dire warnings against amateur cryptographers
authoring their own unvetted implementations. ;-)
-tkc
Gregory Ewing
> I prefer the strength of Triple ROT-13 for my obfuscation needs, but I
> don't see it listed here.
That's old hat -- with the advent of 3GHz cpus and GPGPU, all the
experts are recommending quadruple ROT-128 nowadays.
--
Greg
Roy Smith
Steven D'Aprano <st...@REMOVE-THIS-cybersource.com.au> wrote:
> I am pleased to announce the first public release of obfuscate 0.2.2a.
>
> http://pypi.python.org/pypi/obfuscate/0.2.2a
>
> obfuscate is a pure-Python module providing classical encryption
> algorithms suitable for obfuscating and unobfuscating text.
>
> obfuscate includes the following ciphers:
> - Caesar, rot13, rot5, rot18, rot47
> - atbash
> - Playfair, Playfair6 and Playfair16
> - Railfence (encryption only)
> - Keyword
> - Affine
> - Vigenere
> - frob (xor)
No pig latin?
Daniel Fetchinson
Great, these packages are badly needed!
If the code base stabilizes in a production version after losing the
alphas and betas they would be a great addition to the stdlib, I
think.
Cheers,
Daniel
--
Psss, psss, put it down! - http://www.cafepress.com/putitdown
Robert Kern
>
> If the code base stabilizes in a production version after losing the
> alphas and betas they would be a great addition to the stdlib, I
> think.
Why?
--
Robert Kern
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
Aahz
Robert Kern <rober...@gmail.com> wrote:
>On 2010-02-09 09:37 AM, Daniel Fetchinson wrote:
>>>
>>> obfuscate is a pure-Python module providing classical encryption
>>> algorithms suitable for obfuscating and unobfuscating text.
>>>
>>> used where high security is required. (The ciphers provided in obfuscate
>>> may have been state of the art centuries ago, but should not be used
>>> where strong encryption is required.
>>
>>
>> If the code base stabilizes in a production version after losing the
>> alphas and betas they would be a great addition to the stdlib, I
>> think.
>
>Why?
You missed the white-on-white smiley, I think.
--
Aahz (aa...@pythoncraft.com) <*> http://www.pythoncraft.com/
import antigravity
Simon Brunning
> On 2010-02-09 09:37 AM, Daniel Fetchinson wrote:
>> If the code base stabilizes in a production version after losing the
>> alphas and betas they would be a great addition to the stdlib, I
>> think.
>
> Why?
I agree. Why wait? Put them in the stdlib now!
--
Cheers,
Simon B.
David Robinow
Alf P. Steinbach
> On Tue, Feb 9, 2010 at 5:10 PM, Simon Brunning <si...@brunningonline.net> wrote:
>> On 9 February 2010 16:29, Robert Kern <rober...@gmail.com> wrote:
>>> On 2010-02-09 09:37 AM, Daniel Fetchinson wrote:
>>>> If the code base stabilizes in a production version after losing the
>>>> alphas and betas they would be a great addition to the stdlib, I
>>>> think.
>>> Why?
>> I agree. Why wait? Put them in the stdlib now!
>>
I agree.
I haven't looked at the code but the functionality that's listed is useful, e.g.
in a Usenet client, and it's fun to play around with for a beginner.
Also, for example, Christian Heimes wrote else-thread: �Your work should be
interesting for everybody who has read Simon Sing's "The Code Book: The Science
of Secrecy from Ancient Egypt to Quantum"� (and I for one have that book).
Cheers,
- Alf
Stef Mientki
> * David Robinow:
>> On Tue, Feb 9, 2010 at 5:10 PM, Simon Brunning
>> <si...@brunningonline.net> wrote:
>>> On 9 February 2010 16:29, Robert Kern <rober...@gmail.com> wrote:
>>>> On 2010-02-09 09:37 AM, Daniel Fetchinson wrote:
>>>>> If the code base stabilizes in a production version after losing the
>>>>> alphas and betas they would be a great addition to the stdlib, I
>>>>> think.
>>>> Why?
>>> I agree. Why wait? Put them in the stdlib now!
>>>
>> Can we please stop this?
>
> I agree.
>
unless Python is only meant for the very well educated people in encryption.
> I haven't looked at the code but the functionality that's listed is
> useful, e.g. in a Usenet client, and it's fun to play around with for
> a beginner.
I neither did look at the code,
but as a beginner with just 3 years of experience in Python,
I've tried several scrambling libs, for a quick and dirty use.
All were much too difficult, so I made my own xor-something.
Coming from Delphi, a scrambling lib is working is less than 10 minutes,
without the need of any knowledge of encryption.
I prefer Python over Delphi, but some things are made very complex in
Python.
cheers,
Stef
Gabriel Genellina
escribi�:
> On 10-02-2010 00:09, Alf P. Steinbach wrote:
>>> On Tue, Feb 9, 2010 at 5:10 PM, Simon Brunning
>>> <si...@brunningonline.net> wrote:
>>>> On 9 February 2010 16:29, Robert Kern <rober...@gmail.com> wrote:
>>>>> On 2010-02-09 09:37 AM, Daniel Fetchinson wrote:
>>>>>> If the code base stabilizes in a production version after losing the
>>>>>> alphas and betas they would be a great addition to the stdlib, I
>>>>>> think.
>>>>> Why?
>>>> I agree. Why wait? Put them in the stdlib now!
>>> Can we please stop this?
>> I agree.
>>
> unless Python is only meant for the very well educated people in
> encryption.
>
>> useful, e.g. in a Usenet client, and it's fun to play around with for a
>> beginner.
> but as a beginner with just 3 years of experience in Python,
> I've tried several scrambling libs, for a quick and dirty use.
> All were much too difficult, so I made my own xor-something.
> Coming from Delphi, a scrambling lib is working is less than 10 minutes,
> without the need of any knowledge of encryption.
> I prefer Python over Delphi, but some things are made very complex in
> Python.
Are you sure?
>>> def xor(s, key):
... return ''.join(chr(ord(c)^key) for c in s)
...
>>> txt = "Hello world!"
>>> xor(txt, 123)
'3\x1e\x17\x17\x14[\x0c\x14\t\x17\x1fZ'
>>> xor(_, 123)
'Hello world!'
The Delphi code would be certainly longer than that, some variation of:
function encrypt_xor(const s: string; key: integer);
var
i: integer;
begin
SetLength(Result, length(s));
for i:=1 to length(s) do
begin
Result[i] := chr(ord(s[i]) xor key);
end;
end;
(untested)
--
Gabriel Genellina
Christian Heimes
> sorry I don't,
> unless Python is only meant for the very well educated people in encryption.
All algorithms in obfuscate are obsolete, insecure and only interesting
for people *that* want to get well educated in the history of encryption.
> I neither did look at the code,
> but as a beginner with just 3 years of experience in Python,
> I've tried several scrambling libs, for a quick and dirty use.
> All were much too difficult, so I made my own xor-something.
> Coming from Delphi, a scrambling lib is working is less than 10 minutes,
> without the need of any knowledge of encryption.
> I prefer Python over Delphi, but some things are made very complex in
> Python.
It's tricky to implement modern cryptographic algorithms with Python.
Most example codes are written in C and the implementations are using
overflow (e.g. 255 + 1 == 0) a lot. It took me twice as long to get the
TEA family (TEA, XTEA, XXTEA) crypt functions right in Python than I
required to wrap existing code in an handwritten C interface.
One of the strongest encryption algorithm in the list -- Vigen�re -- was
crack over 150 years (!) ago. A much, much stronger version of the
principles behind Vigen�re was used in the German Enigma machine.
Because the algorithm was still not good enought some clever guy called
Turing and his team was able to crack the enigma. It's one of the main
reasons the Germans were defeated and the world doesn't look like in
Robert Harris "Fatherland" today. Oh, and we go computers, too. ;)
Grab pycrypto, m2crypto or one of the other packages if you need a
minimum amount of security.
Christian
Ben Finney
> All algorithms in obfuscate are obsolete, insecure and only
> interesting for people *that* want to get well educated in the history
> of encryption.
Not true. Another use case is suggested by the chosen name for the
library: to obfuscate text against casual human reading, while not
making it at all difficult to decrypt by people who are motivated to do
so.
The classic example is rot-13 encryption of text in internet messages;
it would be a failure of imagination to suggest there are not other,
similar use cases.
> Grab pycrypto, m2crypto or one of the other packages if you need a
> minimum amount of security.
Agreed. However, for cases that *don't* need security from determined
attackers, I don't think those obviate the usefulness of this library.
--
\ “Reality must take precedence over public relations, for nature |
`\ cannot be fooled.” —Richard P. Feynman |
_o__) |
Ben Finney
Steven D'Aprano
> Stef Mientki wrote:
>> sorry I don't,
>> unless Python is only meant for the very well educated people in
>> encryption.
>
> All algorithms in obfuscate are obsolete, insecure and only interesting
> for people *that* want to get well educated in the history of
> encryption.
[...]
> Grab pycrypto, m2crypto or one of the other packages if you need a
> minimum amount of security.
As the author of obfuscate, I would like to second Christian's statement.
obfuscate is NOT meant for serious security, as I state in both the
source code and the documentation to the module.
That's not to say that it can't be useful for some people -- I wouldn't
have spent the time writing it if I didn't think it was useful. But it is
useful for obfuscation, education and puzzles, not for secure encryption.
I'm not sure how serious the calls for this to be added to the standard
library are. If they're serious, I'm grateful for the votes of confidence
from people, but I can't imagine Guido saying yes. In any case, it's
premature to talk about adding it to the std library while it is still in
alpha.
Thank you for all the comments, even the tongue-in-cheek ones. This has
exceeded my wildest expectations! I'm always interested in feedback, good
and bad, either publicly or privately.
--
Steven
Daniel Fetchinson
>> interesting for people *that* want to get well educated in the history
>> of encryption.
>
> Not true. Another use case is suggested by the chosen name for the
> library: to obfuscate text against casual human reading, while not
> making it at all difficult to decrypt by people who are motivated to do
> so.
>
> The classic example is rot-13 encryption of text in internet messages;
> it would be a failure of imagination to suggest there are not other,
> similar use cases.
I fully agree. Judging by the posts on c.l.p the need for simple
obfuscation regularly comes up. I also posted something not so long
ago and got all sorts of useful advice, a package here, a module
there, etc. It also turned out that everybody mostly writes his/her
own obfuscation routine. That is why I suggested that perhaps if the
code base stabilizes an inclusion into the stdlib could be discussed.
I'm not sure it really needs to go there but if it turns out that as
many people need this kind of stuff as I imagine it, well, then we
have enough use cases for sure.
>> Grab pycrypto, m2crypto or one of the other packages if you need a
>> minimum amount of security.
>
> Agreed. However, for cases that *don't* need security from determined
> attackers, I don't think those obviate the usefulness of this library.
Exactly.
Simon Brunning
> The classic example is rot-13 encryption of text in internet messages;
> it would be a failure of imagination to suggest there are not other,
> similar use cases.
That's built-in:
>>> "Hello World!".encode('rot-13')
'Uryyb Jbeyq!'
--
Cheers,
Simon B.
Tim Golden
> "Hello World!".encode('rot-13')
Not any more!
<dump>
Python 3.1.1 (r311:74483, Aug 17 2009,
win32
Type "help", "copyright", "credits" or
>>> "Hello World!".encode('rot-13')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
LookupError: unknown encoding: rot-13
>>>
</dump>
TJG
Gregory Ewing
> A much, much stronger version of the
> Because the algorithm was still not good enought some clever guy called
> Turing and his team was able to crack the enigma.
Actually I gather it had a lot to do with the fact that
the Germans made some blunders in the way they used the
Enigma that seriously compromised its security. There
was reportedly a branch of the German forces that used
their Enigmas differently, avoiding those mistakes, and
the British never managed to crack any of their messages.
--
Greg
Gregory Ewing
> It also turned out that everybody mostly writes his/her
> own obfuscation routine.
Hey, it gives you the additional advantage of obfuscation
by obscurity!
--
Greg
Christian Heimes
> Actually I gather it had a lot to do with the fact that
> the Germans made some blunders in the way they used the
> Enigma that seriously compromised its security. There
> was reportedly a branch of the German forces that used
> their Enigmas differently, avoiding those mistakes, and
> the British never managed to crack any of their messages.
IIRC some versions of the Enigma weren't cracked because they used a
different setup and different daily keys.
The predecessor of the Enigma was cracked by Polish scientists years
before WW2 started. Some flaws in the instructions and a known plain
text attack made the crack of the Enigma practical. It took the British
scientists merely hours rather than days or weeks to decipher the daily
key with some smart tricks. For example they started fake attacks on
ships or cities just to have the names in some encrypted reports.
Paul Rubin
> Actually I gather it had a lot to do with the fact that the Germans
> made some blunders in the way they used the Enigma that seriously
> compromised its security. There was reportedly a branch of the German
> forces that used their Enigmas differently, avoiding those mistakes,
> and the British never managed to crack any of their messages.
I think you are thinking of the Kriegsmarine (naval) Enigma. Yes they
were more careful with procedures, but the machine was also harder to
crack because it had four rotors instead of three. IIRC, the Brits were
eventually (1942?) able to capture one by shooting up a German submarine
and boarding it to get the machine while the sub was sinking; a British
sailor wasn't able to get out in time and drowned during that operation.
Getting the rotor settings off the captured unit (they may have had to
do it more than once) was enough to get a foothold into the code. My
memory is hazy on this by now so I may have some parts wrong, but David
Kahn's book "Seizing the Enigma" tells the story (I read it many years
ago). A fictionalized version appears in Neil Stephenson's novel
"Cryptonomicon".
MRAB
> Gregory Ewing wrote:
>> Actually I gather it had a lot to do with the fact that the Germans
>> made some blunders in the way they used the Enigma that seriously
>> compromised its security. There was reportedly a branch of the
>> German forces that used their Enigmas differently, avoiding those
>> mistakes, and the British never managed to crack any of their
>> messages.
>
> different setup and different daily keys.
>
> The predecessor of the Enigma was cracked by Polish scientists years
> before WW2 started. Some flaws in the instructions and a known plain
> text attack made the crack of the Enigma practical. It took the
> British scientists merely hours rather than days or weeks to decipher
> the daily key with some smart tricks. For example they started fake
> attacks on ships or cities just to have the names in some encrypted
> reports.
>
recipient!
The Americans decoded Japanese messages about an planned attack on an
island, but didn't know which one because of the fake names, so they
instructed their bases to report certain problems in a way that the
Japanese could decode.
Midway reported a shortage of water, the Japanese decoded it and sent a
message about it, the Americans decoded their message and discovered
that island's fake name, and thus found out that Midway was the intended
target of the attack.
Matthew Barnett
U-559? I think that's the one where Hollywood made a film about it, but
portraying it as a purely American action. That didn't go down too well
in the UK!
MRAB
U-559? I think that's the one where Hollywood made a film about it, but
Mark Lawrence
> Gregory Ewing wrote:
>> the Germans made some blunders in the way they used the
>> Enigma that seriously compromised its security. There
>> was reportedly a branch of the German forces that used
>> their Enigmas differently, avoiding those mistakes, and
>> the British never managed to crack any of their messages.
>
> different setup and different daily keys.
>
> The predecessor of the Enigma was cracked by Polish scientists years
> before WW2 started. Some flaws in the instructions and a known plain
> text attack made the crack of the Enigma practical. It took the British
> scientists merely hours rather than days or weeks to decipher the daily
> key with some smart tricks. For example they started fake attacks on
> ships or cities just to have the names in some encrypted reports.
I believe that all of Enigma was eventually cracked cos of two major flaws.
1) A letter could never be sent as itself.
2) The Luftwaffe were very poor when compared to the Wehrmacht or
Kriegsmarine about security so they were a major leak of data regarding
the other organisations.
3) The users instead of using random three letter combinations kept
using the same ones. HIT LER and BER LIN were popular, but the most
famous one at Bletchley Park was the name of the guy's girlfriend.
Further, the far more powerful Geheimscreiber was also cracked at
Bletchley by using Colossus. Sorry some years since I read the book
about this so can't remember the title or author.
Regards.
Mark Lawrence.
Paul Rubin
>> The predecessor of the Enigma was cracked by Polish scientists years
> I believe that all of Enigma was eventually cracked cos of two major
> flaws.
I think it never would have been cracked if it hadn't been cracked
(whether by the Brits or the Poles) before the war started, using
commercial versions of the Enigma that they had access to. The military
Enigma and its operating methods got more sophisticated as the war went
on, and the cryptanalysts were able to keep up with it by incrementally
improving techniques that they were already using at scale. If they
were suddenly confronted with the full-blown military system in the
middle of the war, it would have been a lot harder to do anything about
it. At least, most of the Enigma-related books I've read give that
impression and even come out and say such things.
> Further, the far more powerful Geheimscreiber was also cracked at
> Bletchley by using Colossus. Sorry some years since I read the book
> about this so can't remember the title or author.
See http://en.wikipedia.org/wiki/Colossus_computer
That was almost at the end of the war though.
Bob Martin
>See http://en.wikipedia.org/wiki/Colossus_computer
>That was almost at the end of the war though.
Colossus was working by the end of 1943 - the year that the Americans first dropped
bombs on Germany ;-)
Tim Golden
And for those who haven't been to Bletchley Park [*] I recommend it.
Not only is it full of interesting stuff, but it has an engagingly
amateurish air about it which I personally prefer to the sleek-and-shiny
nature of many museum-y places today. When I was there last summer I
was disappointed to see that they'd closed the Pigeon Museum. But the
Model Railway club was still there (altho' we were too late in the day
to get in) and the new Computing Museum is full of delightful nostalgic
clutter being worked on by enthusiastic people. My kind of place..
TJG
Jean-Michel Pichavant
JM
Bob Martin
If I must spell it out ;-)
Near the end for us Brits but the Americans were only just getting into the action
in Europe.
Mark Lawrence
> Mark Lawrence <bream...@yahoo.co.uk> writes:
>>> The predecessor of the Enigma was cracked by Polish scientists years
>>> before WW2 started....
>> I believe that all of Enigma was eventually cracked cos of two major
>> flaws.
>
> I think it never would have been cracked if it hadn't been cracked
> (whether by the Brits or the Poles) before the war started, using
> commercial versions of the Enigma that they had access to. The military
> Enigma and its operating methods got more sophisticated as the war went
> on, and the cryptanalysts were able to keep up with it by incrementally
> improving techniques that they were already using at scale. If they
> were suddenly confronted with the full-blown military system in the
> middle of the war, it would have been a lot harder to do anything about
> it. At least, most of the Enigma-related books I've read give that
> impression and even come out and say such things.