Jim's Tutorials

Fall 2018 course site

Used PyNaCl to implement symmetric secret key encryption using their defaults. They use the Salsa20 stream cipher with Poly1305 MAC authentication. Because it's a stream cipher, a nonce is necessary, and they include a method for generating a nonce. Here's the output from running encryption and decryption:

>> python3 symmetric-encryption.py
Please type a message you would you like to encrypt:  hello
encrypting message with nonce and mac authentication information
length of unencrypted message = 5
length of encrypted message = 45
24 byte nonce = b'\xdc\x806\xb3\xc1\xf0\xcc&D4J\t\x00\x15=\x11"}&v\xbd\rY\xd4'
encrypting message without nonce - length of encrypted message + authentication MAC = 21
macbytes = 16
decrypted message = hello

Used PyNaCl to implement public/private key encryption. The algorithm used to calculate public/private/shared keys is Curve25519. An interesting aside might be to compile the curve library at https://cr.yp.to/ecdh.html and use it to create a C program to do similar things. I used a slightly edited version of the example code at https://pynacl.readthedocs.io/en/stable/public/.

>> python3 public-private.py
what message would like to send to alice?
Would you like to have some cake?
encrypting message to:
b'E\xa2\xcd\xb5\xcbj\xb6\xbfN\xdf\x9a2d\xd1\x86L\xa4sSQV\xb7\x0f\n\x8f\xcaz\xc9\xf3\xa5\x04\x92\x95X\xdc\x87\xb6\x1e\xb6,\xa0]{P\xd9\xce\xc2\x9b\x96\xe7\xe5-+\xa4<\x9e\xa4\xe1\r\x9aM\xe2\xb3\xe1\x04^\xb9\x84\xa1\xcaZsU'
decrypting message to:
Would you like to have some cake?

Used PyNaCl to implement a hashing function for message verification. In this case I used SHA256 to calculate a hash of the message and verify its integrity. I'm still a little uncertain of the message encoding and decoding into hex characters in the middle of this example, but it seems to be necessary for calculating a SHA hash? Anyway, here's the output:

>> python3 hashing.py
what message would like to send to alice?
Would you like to eat some cake?
creating digest from hash function
b'489fb3a1de7d220c868f5f48838c02209ecda2cf2801be439baec279acdaa834'
shortening and modifying message to see if the recalculated hash matches
original message:
b'Would you like to eat some cake?'
b'shorteded message: Would you like to eat some cake'
b'modified messagemodifiedWould you like to eat so'
Digest of original message equals original digest
Digest of truncated message is different from original digest
Digest of modified message is different from original digest

As an aside, I started reading about what it might take to create a toy cryptographic hash function... but I both got distracted reading about other parts of it and came to the conclusion that fully understanding the math wasn't all that useful. I get the idea that you take the message as an input key and do a bunch of both linear and non-linear bitwise operations. There's a lot of XORing and shifting and &ing and sifting through internal states in complicated ways.

I got distracted reading about password hashing, as I had no idea what it was, and it seems like a particularly useful and clever layer of security. I generally understood that Rails was doing something to "encrypt" passwords auto-magically, but hashing them before storing them makes a lot of sense. This was a particularly interesting discussion about password hashing, how it is mostly done wrong, and why it is necessary to use more secure hash functions than are typically used elsewhere if you are assuming your data will be compromised. I found it amusing that using computationally slow hashing functions on both the memory and CPU processing side is potentially necessary to thwart parallel processing brute-force attacks.

https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords/31846#31846
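
The slow, memory-hard password hashing described above, as an added example that is not one of the scripts from this page: it uses scrypt from Python's standard `hashlib` rather than PyNaCl, and the cost parameters, record format and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed cost parameters: n = CPU/memory cost, r = block size, p = parallelism.
# scrypt needs roughly 128 * n * r bytes of memory per guess (16 MiB here).
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024  # upper bound on memory passed to OpenSSL


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record: scrypt$n$r$p$salt_hex$hash_hex (made-up format)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=N, r=R, p=P, maxmem=MAXMEM, dklen=DKLEN)
    return "$".join(["scrypt", str(N), str(R), str(P), salt.hex(), key.hex()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and parameters, then compare."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        if scheme != "scrypt" or not expected:
            return False
        key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=int(n),
                             r=int(r), p=int(p), maxmem=MAXMEM, dklen=len(expected))
    except (ValueError, OverflowError):  # malformed record or rejected parameters
        return False
    return hmac.compare_digest(key, expected)  # constant-time comparison


def fast_unsalted(password: str) -> str:
    """The weak baseline: one SHA-256 pass, no salt, cheap to brute-force."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("Would you like to eat some cake?")  # constructed input
    print(record)
    print(verify_password("Would you like to eat some cake?", record))
    print(verify_password("Would you like to eat some cake", record))
    # Same password twice: identical under bare SHA-256, different once salted.
    print(fast_unsalted("cake") == fast_unsalted("cake"),
          hash_password("cake") == hash_password("cake"))
```

Because the salt and parameters travel inside each record, the cost can be raised later without invalidating records that are already stored.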

attachments

type  file                     last modified             size
TXT   hashing.py               Wed Dec 04 2024 08:49 am  1.3K
TXT   public-private.py        Wed Dec 04 2024 08:49 am  1.4K
TXT   symmetric-encryption.py  Wed Dec 04 2024 08:49 am  2.0K