An interesting crypto vulnerability

I came across an interesting tweet by Juliano Rizzo. The correct answer is that the statement is true if several (very unlikely to happen in the real world) conditions are met. Let us take a look at why it happens and what conditions have to be met for this to work. 1. HMAC I …

A faster PBKDF2 for Python

I came across a blog post titled "PBKDF2: performance matters" where the author discusses how most implementations of PBKDF2 are slower than they otherwise could be. After reading the blog post, I decided to write some Python bindings to see how much of a performance incr…

Introducing python-aead

Cryptography libraries often have complicated APIs with many different options to tweak. It is a goal of PyCA's cryptography library to provide safe and easy-to-use APIs for common cryptographic tasks. To that end, the cryptography package has a Fernet recipe for symmetric encryptio…

Look before you pip

For Python programmers, downloading Python packages from PyPI, the Python Package Index, is second nature. Tools like pip and conventions like the requirements.txt file that most Python projects follow provide a consistent way of specifying project dependencies. However, install…

Using a single password for Authentication and Encryption

A common scenario in web applications involves using a single password as a means of authentication as well as a means to derive a secret for use in encrypting data. Many strong key derivation functions like pbkdf2, bcrypt or scrypt have properties that make them strong password h…