Re: encryption/decryption help
drs [EMAIL PROTECTED] writes:

> Hi, I need to send secure data over an insecure network. To that end, I am needing to encrypt serialized data and then decrypt it. Is there a builtin way to do this in Python? MD5, SHA, etc encrypt, but I am not seeing a way to get back my data.

No, Python doesn't include any reversible encryption functions, because of regulatory obstacles in some countries. Here's a function based on SHA:

http://www.nightsong.com/phr/crypto/p3.py

It's not ideal and it's nonstandard, but it's written in pure Python and still has reasonable performance and should have ok security. It works on 32-bit processors but a simple fix is needed to make it work on 64-bit processors. I'll put that in when I get a chance.

> Encryption is totally new to me, so any pointers of what to read up on would be appreciated.

Rule #1 is that there are a lot of subtle mistakes that can kill you. Try to use standard solutions when you can, instead of doing anything ad-hoc.

The standard reference about crypto implementation is Applied Cryptography by Bruce Schneier. That's got all kinds of stuff about algorithms and protocols. You could also look at Practical Cryptography by Bruce Schneier and Niels Ferguson. That is more about what kinds of precautions you should take when implementing crypto. I disagree with some of what it says, but it's a start. Also, anyone implementing any type of security system (crypto or not) should read Security Engineering by Ross Anderson.

> As a side note, I understand that I could use https, but this would involve changing things that I may not be at liberty to change -- though if this turns out to be the best solution, then I'll find a way to use it.

Using https is almost certainly a better solution than rolling up something yourself. Do it if the option is available to you.

-- http://mail.python.org/mailman/listinfo/python-list
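An added illustration (not part of the thread, and not the code of p3.py) of the idea behind a "function based on SHA" in the reply above: the one-way hash only generates a keystream, XOR is the reversible step, and an HMAC tag detects tampering. The subkey labels, 16-byte nonce and message layout are assumptions of this sketch; the last function shows one of the subtle mistakes the reply warns about, nonce reuse.

```python
import hashlib
import hmac
import os

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag
NONCE_LEN = 16                          # assumption for this sketch

def _subkey(master, label):
    # Independent keys for encryption and authentication from one shared secret.
    return hmac.new(master, label, hashlib.sha256).digest()

def _keystream(k_enc, nonce, length):
    # Counter mode: block i = HMAC-SHA256(k_enc, nonce || i). The hash only ever
    # runs forwards; the reversible step is the XOR, not the hash.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(k_enc, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(master, plaintext, nonce=None):
    # The nonce must never repeat under the same key; random by default.
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = _xor(plaintext, _keystream(_subkey(master, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # encrypt-then-MAC: nonce || ciphertext || tag

def open_sealed(master, blob):
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("authentication failed")
    return _xor(ct, _keystream(_subkey(master, b"enc"), nonce, len(ct)))

def nonce_reuse_leaks_xor(master, p1, p2, nonce):
    # Failure mode: two messages sealed with the same key and nonce share a
    # keystream, so XOR of the ciphertexts equals XOR of the plaintexts.
    c1 = seal(master, p1, nonce)[NONCE_LEN:-TAG_LEN]
    c2 = seal(master, p2, nonce)[NONCE_LEN:-TAG_LEN]
    return _xor(c1, c2) == _xor(p1, p2)
```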
Re: encryption/decryption help
MD5 and SHA are by their very nature one way encryption. You cannot decrypt them. A quick google for other encryption methods found this:

http://www.amk.ca/python/code/crypto.html

What you will need to do is find an encryption method that uses a key which you use to encrypt and decrypt the data. You could get hold of something like GPG, which has a command line interface, and encrypt and decrypt that way.

drs wrote:

> Hi, I need to send secure data over an insecure network. To that end, I am needing to encrypt serialized data and then decrypt it. Is there a builtin way to do this in Python? MD5, SHA, etc encrypt, but I am not seeing a way to get back my data.
>
> Encryption is totally new to me, so any pointers of what to read up on would be appreciated.
>
> As a side note, I understand that I could use https, but this would involve changing things that I may not be at liberty to change -- though if this turns out to be the best solution, then I'll find a way to use it.
>
> Thanks
Re: encryption/decryption help
Did you look at pycrypto?

http://www.amk.ca/python/code/crypto.html

Regards,
Philippe

--
Philippe C. Martin
SnakeCard LLC
www.snakecard.com
Re: encryption/decryption help
Hi,

Can you use ssh tunneling? You will not be changing anything except add an extra ssh layer to tunnel your data through.

There is a how-to at http://www.ccs.neu.edu/groups/systems/howto/howto-sshtunnel.html (or you can google for tunneling).

Please note you can not use MD5 as it is not reversible.

Thanks,
--Kartic
Re: encryption/decryption help
On 12 Jan 2005 12:39:05 -0800, Kartic [EMAIL PROTECTED] wrote:

> Hi,
>
> Can you use ssh tunneling? You will not be changing anything except add an extra ssh layer to tunnel your data through.

Or, rather, he wouldn't be changing anything at all in the program itself. The approach would be "Ok, so this protocol is insecure. If you want to protect yourself from eavesdropping and man-in-the-middle attacks along the ways, you have to feed it through an ssh tunnel or something similar".

But we don't really know what this person wants to accomplish, so this may or may not be a viable option.

/Jorgen

--
  // Jorgen Grahn jgrahn@       Ph'nglui mglw'nafh Cthulhu
\X/              algonet.se     R'lyeh wgah'nagl fhtagn!
Re: encryption/decryption help
> MD5 and SHA are by their very nature one way encryption. You cannot decrypt them.

Indeed, the point of these algorithms is to sign data (like a fingerprint).

In order to encrypt you may go for Symmetrical algos (AES, 3DES - with those, the key must be known on both sides of the pipe) or Asymmetrical (RSA ... - where you get a private key on one side and a public key on the other - good but slow).

Often you find hybrid methods: you start your session with a public/private style method just to exchange a symmetrical key that you'll use for the rest of the session.

Regards,
Philippe

--
Philippe C. Martin
SnakeCard LLC
www.snakecard.com
Re: encryption/decryption help
For the problem described, pycrypto is the best solution. Blowfish is simple and secure.

The method you want to use is called security by obscurity. But chances are very high that the homebrewed scheme you will invent will not stand any serious crypto attack.

First of all: both sides (sender and receiver) have to agree on the session key used. And this is the most dangerous exchange. Sure, you can hard code the key on both sides, but periodically you have to change them.

I was facing a similar problem: I had to secure a legacy Inet server. I started with stunnel (worked great, but was a little bit sluggish). Then I figured out how to implement IPSEC (both sides were W2K) and this was the safest solution. Sorry, but it does not involve Python :(