473,695 Members | 2,798 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

rotor replacement

I see rotor was removed for 2.4 and the docs say use an AES module
provided separately... Is there a standard module that works alike or
an AES module that works alike but with better encryption?

cheers,
reed

Jul 18 '05 #1
92 6467
"Reed L. O'Brien" <re**@intersieg e.com> writes:
I see rotor was removed for 2.4 and the docs say use an AES module
provided separately... Is there a standard module that works alike or
an AES module that works alike but with better encryption?


If you mean a module in the distribution, the answer is no, for
political reasons.

There are a number of AES modules available on the net. Most are C
extension modules which means you need to compile them, and if you
want to deploy them widely, you need binaries for every target platform.
There's a few pure-Python AES implementations but they are verrry slow.

Here's something written in Python that uses the built-in sha1 module
as a crypto primitive. Its security should be better than rotor and
performance is reasonable for most applications:

http://www.nightsong.com/phr/crypto/p3.py

Jul 18 '05 #2
Paul Rubin wrote:
"Reed L. O'Brien" <re**@intersieg e.com> writes:
I see rotor was removed for 2.4 and the docs say use an AES module
provided separately... Is there a standard module that works alike or
an AES module that works alike but with better encryption?

If you mean a module in the distribution, the answer is no, for
political reasons.

......I'm also missing the rotor module and regret that something useful
was warned about and now removed with no plugin replacement.

I had understood that this was because rotor was insecure, but you
mention politics. Are other useful modules to suffer from politics?

What exactly are/were the political reasons for rotor removal?

I might add that the source for rotormodule is still easily obtainable
and can be compiled trivially as an extension for Python-2.4. Does the
Python community take a position on the sources of removed modules?
--
Robin Becker
Jul 18 '05 #3
Robin Becker <ro***@SPAMREMO VEjessikat.fsne t.co.uk> writes:
What exactly are/were the political reasons for rotor removal?
Some countries have laws about cryptography software (against some
combination of export, import, or use). The Python maintainers didn't
want to deal with imagined legal hassles that might develop from
including good crypto functions in the distribution. Then it became
obvious that the same imagined hassles could also befall the rotor
module, so that was removed.
I might add that the source for rotormodule is still easily obtainable
and can be compiled trivially as an extension for Python-2.4. Does the
Python community take a position on the sources of removed modules?


Those are still free to distribute, but I'd advise against doing so
with the rotor module unless you absolutely need it for some
interoperabilit y purpose. Otherwise, it's insecure and should not be
used. The routine I posted was intended as a straightforward
replacement for the rotor module that doesn't depend on C compilers
and is reasonably secure. If you don't mind using C extensions,
there's various AES modules available, plus fancier packages like
mxCrypto.

Jul 18 '05 #4
Robin Becker <ro***@SPAMREMO VEjessikat.fsne t.co.uk> wrote:
Paul Rubin wrote:
"Reed L. O'Brien" <re**@intersieg e.com> writes:
I see rotor was removed for 2.4 and the docs say use an AES module
provided separately... Is there a standard module that works alike or
an AES module that works alike but with better encryption?

If you mean a module in the distribution, the answer is no, for
political reasons.

.....I'm also missing the rotor module and regret that something useful
was warned about and now removed with no plugin replacement.

I had understood that this was because rotor was insecure, but you
mention politics. Are other useful modules to suffer from politics?

What exactly are/were the political reasons for rotor removal?


Presumably he is talking about crypo-export rules. In the past strong
cryptography has been treated as munitions, and as such exporting it
(especially from the USA) could have got you into very serious
trouble.

However I believe those restrictions have been lifted (the cat having
been let out of the bag somewhat ;-), and its easy to do this for open
source encryption software. A wade through

http://www.bxa.doc.gov/Encryption/enc.htm

Might be interesting.

A case in point: the linux 2.6 kernel is chock full of crypo and comes
with implementations of AES, ARC4, Blowfish, Cast5+6, DES, Serpent,
Twofish, TEA, etc. The linux kernel+source surely goes everywhere
python does so I don't think adding strong crypto modules to python is
a problem now-a-days.

AES in the core python library would be very useful and it would
discourage people from writing their own crypto routines (looks easy
but isn't!)

--
Nick Craig-Wood <ni**@craig-wood.com> -- http://www.craig-wood.com/nick
Jul 18 '05 #5
Robin Becker <ro***@SPAMREMO VEjessikat.fsne t.co.uk> writes:
Paul Rubin wrote:
.....I'm also missing the rotor module and regret that something useful
was warned about and now removed with no plugin replacement.


Hm, yes. Here is a (rather slow) replacement:

"""This module is derived from Modules/rotormodule.c and translated
into Python. I have appended the Copyright by Lance Ellinghouse
below. The rotor module has been removed from the Python 2.4
distribution because

the rotor module uses an insecure algorithm and is deprecated.
=============== =============== =============== =============== ==

Of course, this does still hold. However, I think this module might
be used and adapted for demonstration purposes and might help some
poor users who have encrypted (or obfuscated) some old stuff with
the rotor module and have no access to older Python versions any
more.

Documentation can be found in

Python Library Reference, Guido van Rossum, Fred L. Drake, Jr., editor,
PythonLabs, Release 2.3.4 May 20, 2004
<http://www.python.org/doc/2.3.4/lib/module-rotor.html>

############### ############### ############### ############### #########
Copyright 1994 by Lance Ellinghouse,
Cathedral City, California Republic, United States of America.

All Rights Reserved

Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Lance Ellinghouse
not be used in advertising or publicity pertaining to distribution
of the software without specific, written prior permission.

LANCE ELLINGHOUSE DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS, IN NO EVENT SHALL LANCE ELLINGHOUSE BE LIABLE FOR ANY SPECIAL,
INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
############### ############### ############### ############### #########
"""

class newrotor(object ):

def __init__(self, key, n_rotors=6):
self.n_rotors = n_rotors
self.setkey(key )

def setkey(self, key):
self.key = key
self.rotors = None
self.positions = [None, None]

def encrypt(self, buf):
# Reset (encrypt) positions and encryptmore
self.positions[0] = None
return self.cryptmore( buf, 0)

def encryptmore(sel f, buf):
return self.cryptmore( buf, 0)

def decrypt(self, buf):
# Reset decrypt positions and decryptmore
self.positions[1] = None
return self.cryptmore( buf, 1)

def decryptmore(sel f, buf):
return self.cryptmore( buf, 1)

def cryptmore(self, buf, do_decrypt):
size, nr, rotors, pos = self.get_rotors (do_decrypt)
outbuf = []
append = outbuf.append
for c in map(ord, buf):
if do_decrypt:
# Apply decrypt rotors and xor in reverse order
for i in xrange(nr-1,-1,-1):
c = pos[i] ^ rotors[i][c]
else:
# Apply xor and ecrypt rotors
for i in xrange(nr):
c = rotors[i][c ^ pos[i]]
append(c)

# Advance rotors, i.e. add the (fixed) rotor increments to the
# variable rotor positions with carry.
# Note: In the C-implementation, the result of the carry addition
# was stored to an "unsigned char". Hence the next carry
# is lost if pos[i] == size-1 and pnew >= size.
# Masking with 0xff simulates this behavior.
#
pnew = 0 # (pnew >= size) works as "carry bit"
for i in xrange(nr):
pnew = ((pos[i] + (pnew >= size)) & 0xff) + rotors[i][size]
pos[i] = pnew % size

return ''.join(map(chr , outbuf))

def get_rotors(self , do_decrypt):
# Return a tuple (size, nr, rotors, positions) where
# - size is the rotor size (== 256, because of 8-bit bytes)
# - nr is the number of rotors.
# - rotors is a tuple of nr encrypt or nr decrypt rotors
# for do_decrypt == 0 or do_decrypt == 1 respectively.
# - postions is a list of nr "rotor positions".
#
# The rotors represent the static aspect of the rotor machine which
# is initially computed from key and fixed during en/decryption.
# A rotor is a random permutation of range(size) extended
# by an "increment value" in range(size).
#
# The followng statements hold for a tuple of encrypt rotors E and
# and the corresponding tuple of decrypt rotors D.
#
# D[i][E[i][j]] == j for i in range(nr) for j in range(size)
#
# E[i][D[i][j]] == j for i in range(nr) for j in range(size)
#
# This means that the corresponding rotors E[i] and D[i] are
# inverse permutations.
# The increments are equal for the corresponding encrypt and
# decrypt rotors and have an odd value:
#
# D[i][size] == E[i][size] and E[i][size] == 1 mod 2 and
# 0 < E[i][size] < size for i in range(nr)
#
# The position vector represents the dynamic aspect.
# It changes after each en/decrypted character (the rotors
# are "advanced") . The initial position vector is also computed
# from the key
#
nr = self.n_rotors
rotors = self.rotors
positions = self.positions[do_decrypt]

if positions is None:
if rotors:
positions = list(rotors[3])
else:
# Generate identity permutation for 8-bit bytes plus an
# (unused) increment value
self.size = size = 256
id_rotor = range(size+1)

# Generate nr "random" initial positions and "random"
# en/decrypt rotors from id_rotor.
#
rand = random_func(sel f.key)
E = []
D = []
positions = []
for i in xrange(nr):
i = size
positions.appen d(rand(i))
erotor = id_rotor[:]
drotor = id_rotor[:]
drotor[i] = erotor[i] = 1 + 2*rand(i/2) # increment
while i > 1:
r = rand(i)
i -= 1
er = erotor[r]
erotor[r] = erotor[i]
erotor[i] = er
drotor[er] = i
drotor[erotor[0]] = 0
E.append(tuple( erotor))
D.append(tuple( drotor))
self.rotors = rotors = (
tuple(E), tuple(D), size, tuple(positions ))
self.positions[do_decrypt] = positions
return rotors[2], nr, rotors[do_decrypt], positions

def random_func(key ):
# Generate a random number generator that is "seeded" from key.
# This algorithm is copied from Python2.3 randommodule.c.
#
mask = 0xffff
x=995
y=576
z=767
for c in map(ord, key):
x = (((x<<3 | x>>13) + c) & mask)
y = (((y<<3 | y>>13) ^ c) & mask)
z = (((z<<3 | z>>13) - c) & mask)

# Emulate (unintended?) cast to short
maxpos = mask >> 1
mask += 1
if x > maxpos: x -= mask
if y > maxpos: y -= mask
if z > maxpos: z -= mask

y |= 1 # avoid very bad seed, why not for x and z too?

# Oh, dear, for compatibility, we must evaluate the first seed transition
# the hard way, later it becomes much simpler
x = 171 * (x % 177) - 2 * (x/177)
y = 172 * (y % 176) - 35 * (y/176)
z = 170 * (z % 178) - 63 * (z/178)
if x < 0: x += 30269
if y < 0: y += 30307
if z < 0: z += 30323
# At least all values are > 0 by now but may be greater than expected ..

def rand(n, seed=[(x, y, z)]):
# Return a random number 0 <= r < n
#
x, y, z = seed[0]
seed[0] = ((171*x) % 30269, (172*y) % 30307, (170*z) % 30323)
return int((x/30269.0 + y/30307.0 + z/30323.0) * n) % n

# Original code was like this:
# from math import floor
# val = x/30269.0 + y/30307.0 + z/30323.0
# val = val - floor(val)
# if val >= 1.0:
# val = 0.0
# n = int(val*n) % n

return rand

Jul 18 '05 #6
Thanks very much to all the folks who replied to this. I've been loking
for pure python encryption routines for a while and found this thread
very useful.

There is also a pure python des implementation in 'aps' an NTLM proxy
server.
Regards,
Fuzzy
http://www.voidspace.org.uk/python/index.shtml

Jul 18 '05 #7
Paul Rubin wrote:
Robin Becker <ro***@SPAMREMO VEjessikat.fsne t.co.uk> writes:
What exactly are/were the political reasons for rotor removal? Some countries have laws about cryptography software (against some
combination of export, import, or use).


I understand this to be true. Since I am trying to address encryption
in the zipfile module, and I know you actually follow a bit of the
encryption stuff, can you answer a question or two for me?
The Python maintainers didn't want to deal with imagined legal hassles
that might develop from including good crypto functions in the
distribution. Then it became obvious that the same imagined hassles
could also befall the rotor module, so that was removed.


Are you saying these hassles are, in fact, imaginary rather than real?
Is this because you feel python is over-cautious about the USA, or is
this an opinion on "essentiall y all countries?" This is not a quibble
or a kvetch; I would like your understanding about the world legal
state of dealing with encryption (which, I assure you, I won't take as
definitive). I would hate to think someone in, for example, the UAE,
was busted for downloading or republishing python "out-of-the-box."

Don't get me wrong, I'd love the answer to be "sure its fine," but my
current plans are to provide a way to connect a crypto package to
zipfile without providing any such package myself.

--Scott David Daniels
Sc***********@A cm.Org
Jul 18 '05 #8
Scott David Daniels <Sc***********@ Acm.Org> writes:
I understand this to be true. Since I am trying to address encryption
in the zipfile module, and I know you actually follow a bit of the
encryption stuff, can you answer a question or two for me?
Sure, I can try, so go ahead. There's more crypto expertise in
sci.crypt though.

Zipfile encryption is totally incompatible with the rotor module, by
the way, and traditionally it didn't use AES. There are a couple of
replacements for the traditional method that do use AES but that I
think are somewhat incompatible with each other.
> The Python maintainers didn't want to deal with imagined legal hassles
> that might develop from including good crypto functions in the
> distribution. Then it became obvious that the same imagined hassles
could also befall the rotor module, so that was removed.


Are you saying these hassles are, in fact, imaginary rather than real?


Well, I didn't want to say that the hassles were real, but I wasn't
trying to insinuate quite as much as it may have sounded. Like, I
don't drive my car at 100 mph on Main Street because I can imagine
what would happen and it's not pretty. The imagined carnage is a good
enough reason not to drive that way. However, I do feel that the
Python distributors are being over-cautious, see below.
Is this because you feel python is over-cautious about the USA, or is
this an opinion on "essentiall y all countries?" This is not a quibble
or a kvetch; I would like your understanding about the world legal
state of dealing with encryption (which, I assure you, I won't take as
definitive). I would hate to think someone in, for example, the UAE,
was busted for downloading or republishing python "out-of-the-box."
I think the Python maintainers were more concerned about that UAE
situation. However, the most widely deployed encryption software is
the SSL stack in just about every web browser (MSIE, Firefox, etc.)
and I'm sure lots of people are using those browsers in the UAE. The
Mozilla foundation isn't hestitating to ship the encryption as far as
I can tell.

See http://www.bxa.doc.gov/Encryption for the USA rules. Basically
for a free encryption program on the web, you're supposed to notify
the Dept. of Commerce by sending them an email when you publish it,
telling them where they can get it (address is on that site). As far
as anyone can tell, the DOC never does anything with those emails.
The rules are more complicated for nonpublished commercial programs,
crypto hardware, etc.
Don't get me wrong, I'd love the answer to be "sure its fine," but my
current plans are to provide a way to connect a crypto package to
zipfile without providing any such package myself.


I'd say provide a package if you can, unless you have realistic
concern about getting in trouble.
Jul 18 '05 #9
Nick Craig-Wood wrote:
Robin Becker <ro***@SPAMREMO VEjessikat.fsne t.co.uk> wrote:
Paul Rubin wrote:
"Reed L. O'Brien" <re**@intersieg e.com> writes:
I see rotor was removed for 2.4 and the docs say use an AES module
provided separately... Is there a standard module that works alike or
an AES module that works alike but with better encryption?
If you mean a module in the distribution, the answer is no, for
political reasons.

.....I'm also missing the rotor module and regret that something useful
was warned about and now removed with no plugin replacement.

I had understood that this was because rotor was insecure, but you
mention politics. Are other useful modules to suffer from politics?

.... Presumably he is talking about crypo-export rules. In the past strong
cryptography has been treated as munitions, and as such exporting it
(especially from the USA) could have got you into very serious
trouble.
well since rotor is a german (1930's) invention it is a bit late for
Amricans (Hollywood notwithstanding ) to be worried about its export
However I believe those restrictions have been lifted (the cat having
been let out of the bag somewhat ;-), and its easy to do this for open
source encryption software. A wade through


--
Robin Becker
Jul 18 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

46
4035
by: Robin Becker | last post by:
It seems that the rotor module is being deprecated in 2.3, but there doesn't seem to be an obvious alternative. I'm using it just for obfuscation. It seems we have ssl available in 2.3 for sockets, but there seems no obvious way to use that from python code. Is an alternative to rotor planned? -- Robin Becker
5
2148
by: rony steelandt | last post by:
I'm in the midle of porting a python 1.5 application to 2.4 I just discovered that the rotor encryption module isn't part anymore of the 2.4 distribution. Is there a way to add this module to 2.4, or what would be the simplest way to replace this. The existing application makes use of the rotor module everywhere, which means in a lot of modules.
1
1793
by: Protoman | last post by:
I'm writing a program that simulates the Enigma machine. I'm basing it around a class called Rotor. It has a ReverseRotor() fn that...reverse the rotor by how many steps. But it works strangely. Compile and run this: #include <iostream> #include <cstdlib> using namespace std; class Rotor
0
8559
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
8975
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8826
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
7652
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6487
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5832
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
1
2996
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2261
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
1971
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.