0
votes

I understand the difference between Hashing and Encryption. I am looking for a simple way to implement encryption/decryption of strings in Python. Most of the ways I found online were about using Hashing algorithms (MD5, SHA-1, etc.) in order to do one-way hashing. But unfortunately, hashing is irreversible. Any suggestions?

1
Why would you want to recover a password? If you can recover it, so can the bad guys. - Patrick Haugh
Do not encrypt passwords; when the attacker gets the DB he will also get the encryption key. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force. - zaph
To encrypt strings use AES (Advanced Encryption Standard). - zaph
For simple encryption use a crypto library and AES-CBC. If you want to dive in deeper, then write your own RC4 implementation. That is obsolescent/insecure now, but lets you see how a simple stream cipher works from the inside. - rossum

1 Answer

1
votes

You might be doing something wrong.

If you don't want to give an attacker access to all passwords stored in the database, you should not reverse the hash to recover the password and compare it with input. You should hash the input and compare that to the hashed password.

But maybe you aren't.

Perhaps you still would like to encrypt something, in such a way that it is possible to decrypt it later. There's a module called PyCrypto that can help you with this, implementing a large quantity of unique and strong algorithms to allow secure transport or storage of sensitive data.