[Twisted-Python] Re: How to make a secure connection between two computers

Jean-Paul Calderone exarkun at divmod.com
Wed Feb 13 17:35:03 EST 2008

On Wed, 13 Feb 2008 22:21:53 +0000, Noam Raphael <noamraph at gmail.com> wrote:
>2008/2/13, Jean-Paul Calderone <exarkun at divmod.com>:
>> When you invented a new crypto protocol, the default is that you have
>> lost.  Sorry, that's just how it goes.  I already see one weakness in
>> your code, as compared to SSL.  I'm sure there are more.  Google Gutmann
>> sound wave therapy if you need further convincing.
>> Even if you don't use Twisted, use SSL.
>Well, you are probably right.
>Just wondering: can you tell me what's the weakness you found? (I
>might learn some cryptology from this...)

You used the same keys for authentication (challenge/response) as for
producing ciphertext.

>Another, not really related, question: Do you know if someone used the
>new coroutine-generators in python2.5 as a way to write servers? It

Python 2.5 generators aren't coroutines.  This isn't really relevant to
your question, but it might help to know if you ever talk to someone who
is used to real coroutines.

>seems to me like something that can make writing servers much easier,
>since a function is much more natural than a state machine (that's the
>reason I wrote this protocol without twisted).

You might be interested in twisted.internet.defer.inlineCallbacks.  Of
course, one might argue about your description of one style over the other
as more "natural" since programming is always a wholly unnatural act, but
that would probably just be a waste of time.


More information about the Twisted-Python mailing list