encryption/decryption help

Discussion in 'Python' started by drs, Jan 12, 2005.

  1. drs

    drs Guest

    Hi, I need to send secure data over an insecure network. To that end, I am
    needing to encrypt serialized data and then decrypt it. Is there a builtin
    way to do this in Python? MD5, SHA, etc encrypt, but I am not seeing a way
    to get back my data. Encryption is totally new to me, so any pointers of
    what to read up on would be appreciated.

    As a side note, I understand that I could use https, but this would involve
    changing things that I may not be at liberty to change -- though if this
    turns out to be the best solution, then I'll find a way to use it.

    Thanks
    drs, Jan 12, 2005
    #1
    1. Advertising

  2. drs

    Paul Rubin Guest

    "drs" <> writes:
    > Hi, I need to send secure data over an insecure network. To that end, I am
    > needing to encrypt serialized data and then decrypt it. Is there a builtin
    > way to do this in Python? MD5, SHA, etc encrypt, but I am not seeing a way
    > to get back my data.


    No, Python doesn't include any reversible encryption functions, because
    of regulatory obstacles in some countries. Here's a function based
    on SHA:

    http://www.nightsong.com/phr/crypto/p3.py

    It's not ideal and it's nonstandard, but it's written in pure Python
    and still has reasonable performance and should have ok security.

    It works on 32-bit processors but a simple fix is needed to make it
    work on 64-bit processors. I'll put that in when I get a chance.

    > Encryption is totally new to me, so any pointers of what to read up
    > on would be appreciated.


    Rule #1 is that there are a lot of subtle mistakes that can kill you.
    Try to use standard solutions when you can, instead of doing anything ad-hoc.

    The standard reference about crypto implementation is "Applied
    Cryptography" by Bruce Schneier. That's got all kinds of stuff about
    algorithms and protocols. You could also look at "Practical
    Cryptography" by Bruce Schneier and Niels Ferguson. That is more
    about what kinds of precautions you should take when implementing
    crypto. I disagree with some of what it says, but it's a start.

    Also, anyone implementing any type of security system (crypto or not)
    should read "Security Engineering" by Ross Anderson.

    > As a side note, I understand that I could use https, but this would involve
    > changing things that I may not be at liberty to change -- though if this
    > turns out to be the best solution, then I'll find a way to use it.


    Using https is almost certainly a better solution than rolling up
    something yourself. Do it if the option is available to you.
    Paul Rubin, Jan 12, 2005
    #2
    1. Advertising

  3. drs

    Kartic Guest

    Kartic, Jan 12, 2005
    #3
  4. MD5 and SHA are by their very nature one way encryption. You cannot
    decrypt them.

    A quick google for other encrytion methods found this:
    http://www.amk.ca/python/code/crypto.html

    What you will need to do is find an encryption methos that uses a key
    which you use to encrypt and decrypt the data.

    You could get hold of something like GPG which has a command line
    interface and encrypt and decrypt that way....

    drs wrote:

    >Hi, I need to send secure data over an insecure network. To that end, I am
    >needing to encrypt serialized data and then decrypt it. Is there a builtin
    >way to do this in Python? MD5, SHA, etc encrypt, but I am not seeing a way
    >to get back my data. Encryption is totally new to me, so any pointers of
    >what to read up on would be appreciated.
    >
    >As a side note, I understand that I could use https, but this would involve
    >changing things that I may not be at liberty to change -- though if this
    >turns out to be the best solution, then I'll find a way to use it.
    >
    >Thanks
    >
    >
    >
    >
    Daniel Bowett, Jan 12, 2005
    #4
  5. drs

    Jorgen Grahn Guest

    On 12 Jan 2005 12:39:05 -0800, Kartic <> wrote:
    > Hi,
    >
    > Can you use ssh tunneling? You will not be changing anything except add
    > an extra ssh layer to tunnel your data through.


    Or, rather, he wouldn't be changing anything at all in the program itself.
    The approach would be "Ok, so this protocol is insecure. If you want to
    protect yourself from eavesdropping and man-in-the-middle attacks along the
    ways, you have to feed it through an ssh tunnel or something similar".

    But we don't really know what this person wants to accomplish, so this may
    or may not be a viable option.

    /Jorgen

    --
    // Jorgen Grahn <jgrahn@ Ph'nglui mglw'nafh Cthulhu
    \X/ algonet.se> R'lyeh wgah'nagl fhtagn!
    Jorgen Grahn, Jan 12, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Srinivasa Reddy K Ganji

    database connection string encryption and decryption

    Srinivasa Reddy K Ganji, Jul 18, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    695
    Gary Varga
    Jul 18, 2003
  2. Replies:
    2
    Views:
    1,607
    Sushant Bhatia
    May 3, 2005
  3. Rogue Chameleon

    Encryption & Decryption

    Rogue Chameleon, Sep 23, 2004, in forum: Java
    Replies:
    6
    Views:
    574
  4. Replies:
    6
    Views:
    658
    DishanF
    Jan 12, 2005
  5. Philippe C. Martin

    Re: encryption/decryption help

    Philippe C. Martin, Jan 12, 2005, in forum: Python
    Replies:
    1
    Views:
    302
Loading...

Share This Page