Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

UNKNOWN

Project Description

This class implements a persistent dictionary using sqlite3 and encrypts the keys and the values of the dictionary in a way, that makes it very hard to bruteforce either the key or the values in the db.

example usage::
>>> from pcd import PersistentCryptoDict
>>> d=PersistentCryptoDict()
>>> print d
<pcd.PersistentCryptoDict instance at 0x8dcb54c>
>>> print d['my key']
None
>>> d['my key']='secret value'
>>> print d['my key']
secret value
>>> d['my key']='top secret value'
>>> print d['my key']
top secret value

Crypto

The key and the value in the dict is transformed according to the following algorithm (credit: dnet):

Setting values

  1. we calculate they keyhash - a hmac-sha512(salt,key)
  2. we split the key in half, the first half as a hexdigest (ascii), the second we keep as a binary
  3. we use the second binary half from step 2 of the keyhash to encrypt the value
  4. we use the ascii keyhash from step 2 as a key to the database, and the value is the encrypted result from step 3.

Getting values

  1. we calculate they keyhash - a hmac-sha512(salt,key)
  2. we split the key in half, the first half as a hexdigest (ascii), the second we keep as a binary
  3. we query the database using the ascii keyhash from step 2 as a key
  4. we use the second binary half from step 2 of the keyhash to decrypt the value

The database contains only the following pairs of data:

(hmac-sha512(key, salt).hexdigest()[:64], # key aes256-ofb(hmac-sha512(key, salt).digest()[32:], value)) # value

we diligently obey Schneier’s law: https://www.schneier.com/blog/archives/2011/04/schneiers_law.html, and thus we would consider the task to retrieve any meaningful data without huge rainbow tables from such a database a futile task. :)

Release History

Release History

This version
History Node

0.4.3

History Node

0.4.2

History Node

0.4

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
persistent_crypto_dict-0.4.3-py2.7.egg (5.5 kB) Copy SHA256 Checksum SHA256 2.7 Egg Feb 4, 2013
persistent_crypto_dict-0.4.3.tar.gz (3.6 kB) Copy SHA256 Checksum SHA256 Source Feb 4, 2013

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting