simple symetric encryption advice

[David Bear]

I would like some advice on what crypto lib to use. I am writing a cgi
app that will store sensative data in a backend postgresql server. I
have some simple numeric data I would like to make as safe as
possible, without too much overhead.

The goal would be to store the information in a simple reversable
encrypted form. The encryption key would live only in the python app
that was accessing the data. So perhaps there are two general
questions that could be asked.

1) has anyone else done this, and was it worth the extra overhead in
terms of data security.. yes, I know the system will only be as secure
as the python code.

2) more important to me, what crypto lib would make sense to use. I
was looking at using symetric key ciphers because the data will need
to be decrypted as well. I looked at the rotor class but there's a big
note that it has been deprecated.. Anyone have a recommendation as to
something better?

by better I would mean: 1) something reasonably fast, (retreiving 1000
tupples of something should require much time to decrypt) 2) something
that the code is fairly well reviewed and tested -- (I know all python
modules are well reviewed and tested, but there must be some modules
that are more equal than others).

Any advice appreciated.

 

[Josiah Carlson]

I would like some advice on what crypto lib to use. I am writing a cgi
app that will store sensative data in a backend postgresql server. I
have some simple numeric data I would like to make as safe as
possible, without too much overhead.

The goal would be to store the information in a simple reversable
encrypted form. The encryption key would live only in the python app
that was accessing the data. So perhaps there are two general
questions that could be asked.

1) has anyone else done this, and was it worth the extra overhead in
terms of data security.. yes, I know the system will only be as secure
as the python code.

2) more important to me, what crypto lib would make sense to use. I
was looking at using symetric key ciphers because the data will need
to be decrypted as well. I looked at the rotor class but there's a big
note that it has been deprecated.. Anyone have a recommendation as to
something better?

by better I would mean: 1) something reasonably fast, (retreiving 1000
tupples of something should require much time to decrypt) 2) something
that the code is fairly well reviewed and tested -- (I know all python
modules are well reviewed and tested, but there must be some modules
that are more equal than others).

Check out the pure Python TLS Lite and its AES or RC4 ciphers (no
worries about compilation). They should be reasonable for most tasks,
and if you need more speed, There's always using PyCrypto, OpenSSL and
Cryptlib.

- Josiah