473,232 Members | 1,528 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,232 software developers and data experts.

Encryption and hashing

Since that I'm working to let encrypt/hash data in the data base of my
projects I have been looking for libraries and/or wrappers. So I want
give my feedback about it.

In the first I found PyCrypto [1] but I see any problems:

* I think that isn't been maintained because the last modification of
its web was on 30 Sep 2006
* Since that has not been uploaded to SourceForge [2] we cann't know
when was released the last version
* There algorithms more secure and modern that it hasn't.

Then, I found 2 great C libraries that are being maintained and
updated with many algorithms. They're MCrypt [3] and MHash [4], and
both have released the last version on this year.

For who knows any of criptography I comment that you can use
algorithms as secure as Rijndael, Twofish, or Serpent with the CFB
cipher mode. And for hash you can use RIPEMD, SHA-2 or WHIRLPOOL.

And the best is that there are wrappers for Python [5] [6].
For if anybody is interested on playing with them:

In the first you need the headers. In Debian/Ubuntu:
$ sudo apt-cache install libmcrypt-dev libmhash-dev

$ wget http://labix.org/download/python-mcr...ypt-1.1.tar.gz
$ wget http://labix.org/download/python-mha...ash-1.4.tar.gz
$ tar xzf python-mcrypt*.tar.gz; tar xzf python-mhash*.tar.gz
$ cd python-mhash*; sudo python setup.py install; cd ..
$ cd python-mcrypt*; sudo python setup.py install; cd..
[1] http://www.amk.ca/python/code/crypto
[2] http://sourceforge.net/projects/pycrypto
[3] http://mcrypt.sourceforge.net/
[4] http://mhash.sourceforge.net/
[5] http://labix.org/python-mcrypt
[6] http://labix.org/python-mhash

Aug 17 '07 #1
7 3117
For who knows any of criptography I comment that you can use
algorithms as secure as Rijndael, Twofish, or Serpent with the CFB
cipher mode. And for hash you can use RIPEMD, SHA-2 or WHIRLPOOL.
As I recall, PyCrypto can also use these, and many others. And it can
also do RSA.
And the best is that there are wrappers for Python [5] [6].
One advantage of PyCrypto is that it works on many platforms. If
standard C extensions are not available, it will fall back to a pure
python implementation. Well yes, sometimes it is slow. But it is also
much easier to use than pyOpenSSL, for example. (BTW you forgot to
mention some other popular ones, like pyOpenSSL, mcrypto2 etc.)

Laszlo
Aug 17 '07 #2
Kless <jo*******@googlemail.comwrites:
For who knows any of criptography I comment that you can use
algorithms as secure as Rijndael, Twofish, or Serpent with the CFB
cipher mode. And for hash you can use RIPEMD, SHA-2 or WHIRLPOOL.
PyCrypto does includes the AES version of Rijndael as Crypto.Cipher.AES
and the 256-bit version of SHA-2 as Crypto.Hash.SHA256.

-Marshall

Aug 17 '07 #3
On 17 ago, 20:34, Laszlo Nagy <gand...@shopzeus.comwrote:
For who knows any of criptography I comment that you can use
algorithms as secure as Rijndael, Twofish, or Serpent with the CFB
cipher mode. And for hash you can use RIPEMD, SHA-2 or WHIRLPOOL.

As I recall, PyCrypto can also use these, and many others. And it can
also do RSA.
These are the algorithms supported in the last version of PyCrypto:

$ ls pycrypto-2.0.1/src/
AES.c Blowfish.c DES.c IDEA.c
RIPEMD.c winrand.c
ARC2.c cast5.c _dsa.c MD2.c
_rsa.c XOR.c
ARC4.c CAST.c _fastmath.c MD4.c SHA256.c
block_template.c DES3.c hash_template.c RC5.c
stream_template.c

So it haven't Twofish, Serpent, neither Whirlpool. Neither many others.

Aug 17 '07 #4
Kless <jo*******@googlemail.comwrites:
So it haven't Twofish, Serpent, neither Whirlpool. Neither many others.
Unless you have an interoperability requirement or some other specific
issue, you should stick with AES and the SHA2 family. Don't make your
own cipher selections unless you know completely what you're doing.
This is especially the case for business applications in the US, since
AES and SHA are US federal standards and if you use them and something
goes wrong with them, you can at least say you followed the standard.
If you use anything else, you will have more to answer for.
Aug 17 '07 #5
These are the algorithms supported in the last version of PyCrypto:

$ ls pycrypto-2.0.1/src/
AES.c Blowfish.c DES.c IDEA.c
RIPEMD.c winrand.c
ARC2.c cast5.c _dsa.c MD2.c
_rsa.c XOR.c
ARC4.c CAST.c _fastmath.c MD4.c SHA256.c
block_template.c DES3.c hash_template.c RC5.c
stream_template.c

So it haven't Twofish, Serpent, neither Whirlpool. Neither many others.
OK sorry, I was wrong. Isn't blowfish a better version of twofish anyway?

Aug 18 '07 #6
Laszlo Nagy <ga*****@designaproduct.bizwrites:
OK sorry, I was wrong. Isn't blowfish a better version of twofish anyway?
No.
Aug 18 '07 #7
On 18 ago, 00:20, Paul Rubin <http://phr...@NOSPAM.invalidwrote:
Kless <jonas....@googlemail.comwrites:
So it haven't Twofish, Serpent, neither Whirlpool. Neither many others.

Unless you have an interoperability requirement or some other specific
issue, you should stick with AES and the SHA2 family. Don't make your
own cipher selections unless you know completely what you're doing.
This is especially the case for business applications in the US, since
AES and SHA are US federal standards and if you use them and something
goes wrong with them, you can at least say you followed the standard.
If you use anything else, you will have more to answer for.
Well, I only know that I choose the best public cryptographic
algorithms.

SHA-2 has been designed by the National Security Agency (NSA), and I'm
sure that many people trust on the NSA so that every people make its
election.
But I'm sure that many people will avoid use algorithms recommend by
the governement. And I don't know why :P, they always say the truth
and we must trust on them. I'm sure that having great experts on
cryptography they are not bee able of put a backdoor indetectable or
better to debilitate the algorithm so that it is easier to break it.

Aug 18 '07 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

14
by: Ray Cassick \(Home\) | last post by:
Ok, time to ask the question here.. I have been battling over this one for sometime now and just have to ask it. I have created a few classes that I use to act a security keys. These classes get...
10
by: joshsackett | last post by:
I am starting an encryption project for my database and I'm performing some tests on decryption speed. A lot of my application queries use a LIKE parameter in the WHERE clause. To keep from...
34
by: jlocc | last post by:
Hi! I was wondering if someone can recommend a good encryption algorithm written in python. My goal is to combine two different numbers and encrypt them to create a new number that cann't be...
1
by: JIjo | last post by:
Language: C Database: SQL Serve Requirement: To Encrypt password in Database .It is not necessary to decrypt password back Is it better to go with hashing (one way) or encryption? What are the...
7
by: Alan Silver | last post by:
Hello, I am writing a page where sensitive data is collected (over SSL) and stored in a database. I have been looking at the .NET encryption classes, but am a bit confused as to which is best...
6
by: Jayender | last post by:
Hi, What is the difference between Hashing and Encryption ?
25
by: eggie5 | last post by:
I have a form where a user can change his password, but I'm confused on how to prevent this from being transmitted in plain text. Well, I know how not to transmit it in plain text - use any type...
22
by: j1mb0jay | last post by:
I have had to create a simple string encryption program for coursework, I have completed the task and now have to do a write up on how it could be improved at a later date. If you could look...
19
by: klenwell | last post by:
Another request for comments here. I'd like to accomplish something like the scheme outlined at this page here: http://tinyurl.com/3dtcdr In a nutshell, the form uses javascript to hash...
2
by: Rodrigo m. Ferreira | last post by:
Hi, How do I encrypt information for storing in cookies? I used the MD5, but I don't know how to decrypt information. Can you help me? Rodrigo M. Ferreira
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.