Web Development - Page-by-Page Notes

Page 1

  • Code snippet overview (as provided in transcript):
    • Shebang: #!/usr/bin/env python3 indicating a Python 3 script.
    • Import line: from Crypto. PublicKey import RSA (note the spacing appears to be a formatting issue; intended to be from Crypto.PublicKey import RSA), suggesting usage of the PyCrypto/PyCryptodome library for RSA operations.
    • Section headings included as plain text in the transcript: INTRODUCTION TO WEB and SYSTEMS AND TECHNOLOGIES.
    • Loop: for i in range (1, 6): which iterates with i taking values in range(1, 6) = {1, 2, 3, 4, 5}, i.e., 5 iterations.
    • Key loading: key = RSA.importKey(f.read()) implies reading key material from a file-like object and importing it as an RSA key.
    • Output handling: with open('().enc'.format(i), 'wb') as f: shows intent to open a file for binary write, with a filename intended to incorporate the iteration index i (though '().enc' is not a valid format string in Python as written).
    • Encryption call: f.write(key.encrypt(FLAG.encode(), None)[0]) shows encryption of a string FLAG to produce ciphertext. The [0] index indicates the first element of the returned tuple (in PyCrypto, encrypt returns a tuple (ciphertext, random_seed) or similar depending on version). The second argument None represents a missing RNG/source of randomness, which is insecure in practice.
  • Implications and observations:
    • This illustrates a basic RSA encryption workflow: load a key, encrypt a message, and write the ciphertext to a file. In practice, modern libraries discourage using RSA.encrypt directly due to padding and security concerns; OAEP padding (e.g., PKCS1_OAEP in PyCryptodome) is recommended.
    • The code appears to encrypt the same FLAG for five iterations, potentially producing five ciphertext files, one per i.
    • Potential issues to be aware of:
    • Insecure randomness: passing None for the RNG is insecure and should be avoided; use a secure padding scheme that requires proper randomness.
    • The use of encrypt for RSA in PyCrypto/PyCryptodome without proper padding is discouraged; modern usage relies on padding schemes like OAEP.
    • Filename formatting seems malformed ('().enc'.format(i)); in actual code this should be something like `f