+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: General Coding Help (https://python-forum.io/forum-8.html)
+--- Thread: Python cryptography or pycrypto (/thread-1773.html)
Python cryptography or pycrypto - lexlukkia - Jan-25-2017
I am torn between the two.
Which one should i use?
I will be creating an application that uses encryption.
It will encrypt any file... Mp3, videos, text, docs, etc...
I really don't know what to use since i am new to cryptography.
RE: Python cryptography or pycrypto - Larz60+ - Jan-25-2017
You can start by going here and searching: https://pypi.python.org/pypi
There are over 97 thousand packages to choose from,
just search on encryption. That alone will bring up over 100 possibilities
RE: Python cryptography or pycrypto - wavic - Jan-25-2017
It depends on what do you attempt to do with the encrypted files. If you distribute them you'll need private/public key encryption. Called also asymmetric. If you want them just encrypted, "simple" password encryption will do the job. You have to chose the level of security you want. Most of the algorithms are compromised. Some of them deliberately. If want security, stay away from any RSA encryption regardless it is a standard now. Stay away from any DES, DSA algorithms. Almost deprecated recently.
The obvious choice is ECC ( elliptic curve cryptography) 192, 256, 384, 521. ECC with 256 bits key is considered secure as DH, DSA, RSA with 3072 bits length key.
If you want a real encryption yet unbreakable, pay attention to One-time-pad. You are saying that the app will encrypt videos. If you use this encryption, you have to keep somewhere a big file random ( not all random generators are truly random ) data as a key. I think it is not practical for such a task.
See PyNacl module for encryption/decryption and bcrypt, passlib for hashing the passwords. You may see and GPG. There are several modules for this. GPG is useful because you can interact with other applications that are using PGP.
Don't forget to check what level of security you can use in legal. As I know there are restrictions in the USA, if you live there, for the encryption level used in the software.
RE: Python cryptography or pycrypto - lexlukkia - Jan-25-2017
thank you very much for the reply.
what i am currently trying now is AES.
but since you said that ECC is the best choice, i will get on to that.
RE: Python cryptography or pycrypto - wavic - Jan-25-2017
Hm! There is a catch, though. NIST curves have a weakness. curve25519/ed25519 seems transparent and considered uncompromised yet. Perhaps Breinpool curves too
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&pagewanted=all
Do your research. I am not a crypto guy. I have an interest in it. My expertise has nothing with IT technologies. Cryptography involves a complex mathematic and I can't get it for now. This is why I prefer an OpenSource software. Other guys, actually experts, can look at it and see if there is something disturbing.