[Twisted-Python] Re: How to make a secure connection between two computers

Jean-Paul Calderone exarkun at divmod.com
Tue Feb 12 16:14:36 MST 2008


On Wed, 13 Feb 2008 01:04:28 +0200, Noam Raphael <noamraph at gmail.com> wrote:
>
> [snip]
>>
>Well, in TLS, after handshaking, both sides have a shared secret they
>use for communication. I just skip the handshaking. (I do have a
>challenge-response in the protocol, so I don't think replaying will
>work.) But I did forget about hashing the data, so here's a better
>version:

When you invented a new crypto protocol, the default is that you have
lost.  Sorry, that's just how it goes.  I already see one weakness in
your code, as compared to SSL.  I'm sure there are more.  Google Gutmann
sound wave therapy if you need further convincing.

Even if you don't use Twisted, use SSL.

Jean-Paul




More information about the Twisted-Python mailing list