SlideShare uma empresa Scribd logo

Python Cryptography & Security Guide

Jose Manuel Ortega Candel
Jose Manuel Ortega Candel

This document provides an overview of Python cryptography and security topics including cryptography concepts like hashing, symmetric and asymmetric encryption, digital signatures, and Python libraries for working with cryptography like PyCrypto and Cryptography. It also discusses Django security best practices like using HTTPS, securing cookies and passwords, and access control.

Tecnologia
1 de 61
Baixar para ler offline
Python Cryptography & Security José Manuel Ortega | @jmortegac
https://speakerdeck.com/jmortega
Security Conferences
INDEX Introduction to cryptography1 OWASP & Best Practices4 Django Security3 PyCrypto and other libraries2 Steganography5
Introduction to cryptography Key terms Caesar Chiper Hash functions(MD5,SHA) Symetric Encryption(AES) Asimetric Encription(RSA) PBKDF2-Key derivation function
Key terms  Key: The piece of information that allows you to either encrypt or decrypt your data.  Plaintext: The information that you want to keep hidden, in its unencrypted form. The plaintext can be any data at all: a picture, a spreadsheet, or even a whole hard disk  Ciphertext: The information in encrypted form  Cipher: The algorithm that converts plaintext to ciphertext and vice-versa
Key terms advanced Salt – randomizes the hash of the key; prevents rainbow table attacks against the key IV (initialization vector) – randomizes the encrypted message; prevents rainbow table attacks against the message Derived Key – lengthens and strengthens the key via hashing; used instead of the original key; slows down brute-force attacks against the key
Caesar Chiper >>Ymnx%nx%r~%xjhwjy%rjxxflj3
Hash functions Calculate the checksum of some data File integrity checking Generate passwords Digital signatures and authentication MD5 SHA-2(256 and 512 bits) SHA-3
Hash functions
Hashlib functions One-way cryptographic hashing https://docs.python.org/2/library/hashlib.html >>03187564433616a654efef944871f1e4 >>bd576c4231b95dd439abd486be45e23d47a2cbb74b5348b3b113cef47463e15a >>d47b290aa260af8871294e1ad6b473bd48b587593f8dea7b1b5d9271df12ee081 85a13217ae88e95d9bd425f3ada0593f1671004a2b32380039d3c88f685614c >>8fadab23df7c580915deba5c6f0eb75bd32181f55c547a2b3999db055398095c33f 10b75c823a288e86636797f71b458
MD5 hash function Checking file integrity >>d41d8cd98f00b204e9800998ecf8427e
Hash passwords in DB Websites store hash of a password hashlib.sha256(‘password').hexdigest() >>'5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8'
Hash passwords in DB
Hash identifier For checking the type of Hash https://code.google.com/p/hash-identifier
Symetric encryption AES Shared key for encrypt and decrypt cipher key size (bytes in ASCII) AES-128 128 bits (16 bytes) AES-192 192 bits (24 bytes) AES-256 256 bits (32 bytes)
Asymetric encryption RSA 2 keys(public key and secret key) Public key(Pk) for encrypt Secret key(Sk) for decrypt Public key is derived from secret key
Asymetric encryption
Encryption vs Signing EncryptionWhen encrypting, you use their public key to write message and they use their private key to read it. SigningWhen signing, you use your private key to write message's signature, and they use your public key to check if it's really yours.
Digital signature Signing a message Only the owner of Pk/Sk pair should be able to sign the message
PyCrypto Supports Hash operations Block cipher AES,RSA Sign/verify documents >> pip install pycrypto https://pypi.python.org/pypi/pycrypto
PyCrypto Hash functions from Crypto.Hash import SHA256 SHA256.new(‘password').hexdigest() >>'5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8' from Crypto.Hash import SHA512 SHA512.new(‘password').hexdigest() >>'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb98 0b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
PyCrypto AES >>> d1a2ea7f9661fae8b46b3904b0193ab81516653f73216dfeb5f51afde3d405b2 a secret message
PyCrypto PBKDFimport Crypto.Random from Crypto.Protocol.KDF import PBKDF2 password = 'europython' iterations = 5000 key = '' salt = Crypto.Random.new().read(32) key = PBKDF2(password, salt, dkLen=32, count=iterations) print 'Random salt (in hex):' print salt.encode('hex') print 'PBKDF2-derived key (in hex) of password after %d iterations: ' % iterations print key.encode('hex') Generating key from password A salt is a random sequence added to the password string before using the hash function. The salt is used in order to prevent dictionary attacks and rainbow tables attacks. Random salt (in hex): 724138b9d987a04bf05d285db678824f9b7e2b1232229711c2e0e2e556a0c19a PBKDF2-derived key (in hex) of password after 5000 iterations: d725de7de88e27d16c9c4f224d4c87159735708419d1c949074962b48ce26900
PyCrypto RSA Generate an RSA secret and public key pair from Crypto.PublicKey import RSA def generate_RSA(bits=1024): #Generate an RSA keypair with an exponent of 65537 in PEM format #param: bits The key length in bits #Return secret key and public key new_key = RSA.generate(bits, e=65537) public_key = new_key.publickey().exportKey("PEM") secret_key = new_key.exportKey("PEM") return secret_key, public_key
PyCrypto RSA Generate an RSA secret and public key pair -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYS9ITbjKu5i9i36FgzKg/HO3o 6CKGJ1c5E57qVlmYF6L1BcgH+eE+XiwJ6fWyShaVnZDuvUapWgQeOGZ60QBJ/vpu DdwqsuGoTeJNqaRT9ButJa+o+0tchRKBcM6zKUXYWc7kdAlxEpO2OXZEqxD7bd1O oxv7mEjqBpVXgNEVrwIDAQAB -----END PUBLIC KEY----- -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCYS9ITbjKu5i9i36FgzKg/HO3o6CKGJ1c5E57qVlmYF6L1BcgH +eE+XiwJ6fWyShaVnZDuvUapWgQeOGZ60QBJ/vpuDdwqsuGoTeJNqaRT9ButJa+o +0tchRKBcM6zKUXYWc7kdAlxEpO2OXZEqxD7bd1Ooxv7mEjqBpVXgNEVrwIDAQAB AoGAc0qqzTTWP5tYciRTmeE02RqAbJoXULHFkRruaf5WsxHptk3bIVakkr9d3V91 NbRqpnby+hjlvly701jlE8LW0QIccII9oWyV6kMSTEJMth9RlXpCbQY285pwg+bF zyEhQJmjMj1hMDJLQ8dXLCeqXZ37etYGHTT2XQ+q5TOW4YkCQQC5WDQHBhYa/Mzt UlXemLxv1ERaxt8zmXSX0bKjIkaYMv1SF3FskiN9Rm/zXvil3HuiySBq9g6/fPbN T1+dtiZTAkEA0lpsRUqamIbii18aBBQGs/FbrUa71ahpoU7+8wXMxNYQBfVGvlzs J+tKxSecMO196Hl4l5I14ASEs+4wKK5vtQJARe4gmzHRr1cIntY87eKk3nCxZaq5 Vkek9Q86nlB1YEGE0K9lrTgqSb8EyEdh+3qH73CBWboC8H7ew7IZ+nBaXwJBAJEO K8Vomcz+jvB/B0iyqqChmo+VzGecuCK1f9gEMt21o90H893H5E3u0mO8WdffnciX I1KaT66ITx5o7SrQh1UCQGqP8B9bpzXjxMuLUJuL1DoRP4QBGHoXokdu8gKAlPzp ZK8BKRSPRobwlNFlXWfXLAWIFwXIeqOblI20U/oNwNE= -----END RSA PRIVATE KEY-----
PyCrypto RSA from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP def encrypt_RSA(public_key, message): key = (public_key, "r").read() rsakey = RSA.importKey(key) rsakey = PKCS1_OAEP.new(rsakey) encrypted = rsakey.encrypt(message) return encrypted.encode('base64') from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from base64 import b64decode def decrypt_RSA(secret_key, message): key = (secret_key, "r").read() rsakey = RSA.importKey(key) rsakey = PKCS1_OAEP.new(rsakey) decrypted = rsakey.decrypt(b64decode(message)) return decrypted
PyCrypto Sign/verify from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5 from Crypto.Hash import SHA256 from base64 import b64encode, b64decode def sign_data(secret_key, data): key = (secret_key, "r").read() rsakey = RSA.importKey(key) signer = PKCS1_v1_5.new(rsakey) digest = SHA256.new() digest.update(b64decode(data)) sign = signer.sign(digest) return b64encode(sign) from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5 from Crypto.Hash import SHA256 from base64 import b64decode def verify_sign(public_key, signature, data): ‘ #Verifies with a public key that the data was signed by their #private key pub_key = (public_key, "r").read() rsakey = RSA.importKey(pub_key) signer = PKCS1_v1_5.new(rsakey) digest = SHA256.new() digest.update(b64decode(data)) if signer.verify(digest, b64decode(signature)): return True return False
PyCrypto RSA/Sign/verifyTrue True True public_key <_RSAobj @0x2b56648 n(1024),e> encrypted data ('Ixe6xff M$x12xbbx95xeex02xcfx82Imtf+x1fxaeUxbdv` ^x94xfaxe6_x8bxedx8dxa3xabxfc xaex17x07=|x18xcax18jxc5x1dx01xad`xd6W ExfbUxd1x12x0c- xb6x9cxc4x07xaax93<xb5zw&x98xa2xdcx8e x9e- x06gQxcfxfaxc8r/xd5x98|xd5xcdgxb2xdaxcd: dxafxdexe2xcdxcdxf5{p`x07xbb~x1bxa4hHJ#c tE6xfaxc3x87x8dxf2O8,xe2W',) signature (445755122549853282247622461459180943435051515 5918916324891286777775175591376873419505852842 3900156177220742858645089371096255086061177099 8101038368420840785203067622854793789417670298 3088451295738677105320376959152029164761636442 8930467543317371804318093617486393498897888949 152557196686676342045445446511829L,) decrypt_data EUROPHYTON2015 True
Best practices Avoid hashing methods like MD5 or SHA-1,use at least SHA-2 or SHA-3 Key Stretching for strong passwords Preventing Brute-force or dictionary attacks for i in xrange(iterations): m = hashlib.sha512() m.update(key + password + salt) key = m.digest()
Cryptography $ pip install cryptography https://cryptography.io Support for Python 3 Support for modern algorithms such as AESGCM and HKDF Improved debugability and testability Secure API design
Cryptography https://cryptography.io
Cryptography https://cryptography.io
Django Security Are you vulnerable to the heartbleed bug? Are you enforcing SSL correctly? Did you set the proper flags for your cookies? Did you remember to disable weak ciphers?  How are you managing your secret keys?  Are you sure you authorise users correctly? https://www.securedjango.com
Django Security We can use frameworks for building API REST Tastypie django-rest-framework dj-webmachine Django-secure package https://www.securedjango.com http://django-tastypie.readthedocs.org/en/latest http://django-rest-framework.org http://benoitc.github.com/dj-webmachine
Django Security What provide these frameworks? Cross-site scripting(XSS) Protection Cross-site request forgery(CSRF) Protection SQL Injection Protection Clickjacking Protection Supports SSL/HTTPS Secure Password Storage with PBKDF2 algorithm and SHA256 Data Validation https://www.securedjango.com
Django Security https://www.ponycheckup.com/
Django Security https://www.ponycheckup.com/
Django Security https://www.ponycheckup.com/
Security best practices Always use HTTPS if you have anything non-public Proper SSL deployment Enable HTTPS with a proper server certificate Enforce HTTPS on your entire domain Configure redirects to enforce HTTPS usage Set the secure flag on all cookies Django only send session cookies over HTTPS SESSION_COOKIE_SECURE = true CSRF_COOKIE_SECURE_true
Security best practices Keep in secrets keys and credentials Put DEBUG=false in production in settings.py Use ALLOWED_HOSTS variable in production for setting a list of request allowed hosts names Limit access to admin with IP`s filter ALLOWED_HOSTS =[*] ALLOWED_HOSTS =['.yourdomain.com']
Password storage PBKDF2 + SHA256 by default PASSWORD_HASHERS = ( 'django.contrib.auth.hashers.PBKDF2PasswordHasher', 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher', 'django.contrib.auth.hashers.SHA1PasswordHasher', 'django.contrib.auth.hashers.MD5PasswordHasher', 'django.contrib.auth.hashers.CryptPasswordHasher')
Password storageclass PBKDF2PasswordHasher(BasePasswordHasher): """ Secure password hashing using the PBKDF2 algorithm (recommended) Configured to use PBKDF2 + HMAC + SHA256. The result is a 64 byte binary string. Iterations may be changed safely but you must rename the algorithm if you change SHA256. """ algorithm = "pbkdf2_sha256" iterations = 24000 digest = hashlib.sha256 def encode(self, password, salt, iterations=None): assert password is not None assert salt and '$' not in salt if not iterations: iterations = self.iterations hash = pbkdf2(password, salt, iterations, digest=self.digest) hash = base64.b64encode(hash).decode('ascii').strip() return "%s$%d$%s$%s" % (self.algorithm, iterations, salt, hash) https://github.com/django/django/blob/master/django/contrib/auth/hashers.py/
OWASP
OWASP SQL injection Cross site Scripting(XSS)
SQL injection Never trust user-submitted data Django generates properly-escaped parameters SQL Using cursor method and bind parameter is the best option for avoid SQL INJECT from django.db import connection def select_user(request): user = request.GET['username'] sql = "SELECT * FROM users WHERE username = %s" cursor = connection.cursor() cursor.execute(sql, [user])
SQL injection Django ORM –QuerySets -Models Django automatically gives you a database-abstraction API that lets you create, retrieve, update and delete objects Write python classes and it will convert to SQL securely from django.db import models class Blog(models.Model): name = models.CharField(max_length=100) description = models.TextField() >>b = Blog(name=‘My Bblog', description=‘django security') >>> b.save()
SQL injection SQLMAP
Cross site Scripting Allows an attacker obtain session information Used with in phising sites Django’s render template system automatically escapes all variable values in HTML from django.shortcuts import render def render_page(request): user = request.GET['username'] return render(request, ‘page.html', {‘user’: user})
Security best practices in forms Validate form data with Django Forms package Use POST method in HTML Forms Use Meta.Fields in ModelForms
Steganography Hiding data(text/images) within images Where is stored the data?
Steganography In the pixels in RGB Components Altering the Least Significant Bit(LSB) Use one bit per pixel for storing data
Libraries in python Stepic http://domnit.org/stepic/doc
Libraries Stegano https://code.google.com/p/stegano-cb $ slsb.py --hide -i python.png -o python-secret.png –m “euro..” $ slsb.py --hide -i python.png -o python-secret.png –f img.png
Tools Cryptopng https://pypi.python.org/pypi/cryptoPNG/0.1
Hide text in image(LSB)
Reveal text from image(LSB)
Hide image inside an image
GitHub https://github.com/jmortega/europython
Book Hacking Secret Ciphers with python Free online http://inventwithpython.com/hacking/index.html
Thank you! José Manuel Ortega| @jmortegac

Recomendados

DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationsarhadisoftengg
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functionsMazin Alwaaly
 
DES
DESDES
DESNaga Srimanyu Timmaraju
 
Block Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardBlock Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardDr.Florence Dayana
 
Ch02...1
Ch02...1Ch02...1
Ch02...1nathanurag
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 

Recomendados

DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationsarhadisoftengg
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functionsMazin Alwaaly
 
DES
DESDES
DESNaga Srimanyu Timmaraju
 
Block Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardBlock Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardDr.Florence Dayana
 
Ch02...1
Ch02...1Ch02...1
Ch02...1nathanurag
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
ip security
ip securityip security
ip securityChirag Patel
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Ip security
Ip security Ip security
Ip security Naveen Dubey
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Cryptography
CryptographyCryptography
CryptographyJens Patel
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 
Ch03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardCh03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardtarekiceiuk
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric keyTriad Square InfoSec
 
Transposition Cipher
Transposition CipherTransposition Cipher
Transposition Cipherdaniyalqureshi712
 
Cryptographic Hashing Functions
Cryptographic Hashing FunctionsCryptographic Hashing Functions
Cryptographic Hashing FunctionsYusuf Uzun
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)SAurabh PRajapati
 
Cryptography
CryptographyCryptography
Cryptographysubodh pawar
 
Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2AfiqEfendy Zaen
 
Caesar cipher
Caesar cipherCaesar cipher
Caesar cipherHossain Md Shakhawat
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Securitybabak danyal
 
Cryptology
CryptologyCryptology
CryptologyRupesh Mishra
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptographyHossain Md Shakhawat
 
Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsAndrew McNicol
 
State of Crypto in Python
State of Crypto in PythonState of Crypto in Python
State of Crypto in Pythonjarito030506
 

Mais conteúdo relacionado

Mais procurados

Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 
Ch03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardCh03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardtarekiceiuk
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Cryptographic Hashing Functions
Cryptographic Hashing FunctionsCryptographic Hashing Functions
Cryptographic Hashing FunctionsYusuf Uzun
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)SAurabh PRajapati
 
Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2AfiqEfendy Zaen
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Securitybabak danyal
 

Mais procurados (20)

Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
ip security
ip securityip security
ip security
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Ip security
Ip security Ip security
Ip security
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography ppt
 
Ch03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardCh03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standard
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
Transposition Cipher
Transposition CipherTransposition Cipher
Transposition Cipher
 
Cryptographic Hashing Functions
Cryptographic Hashing FunctionsCryptographic Hashing Functions
Cryptographic Hashing Functions
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)
 
Cryptography
CryptographyCryptography
Cryptography
 
Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2
 
Caesar cipher
Caesar cipherCaesar cipher
Caesar cipher
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Security
 
Cryptology
CryptologyCryptology
Cryptology
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 

Destaque

Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsAndrew McNicol
 
State of Crypto in Python
State of Crypto in PythonState of Crypto in Python
State of Crypto in Pythonjarito030506
 
OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with pythonJose Manuel Ortega Candel
 
OnionBots: Subverting Privacy Infrastructure for Cyber Attacks
OnionBots: Subverting Privacy Infrastructure for Cyber AttacksOnionBots: Subverting Privacy Infrastructure for Cyber Attacks
OnionBots: Subverting Privacy Infrastructure for Cyber AttacksAmirali Sanatinia
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Mikko Ohtamaa
 
Offensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonOffensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonMalachi Jones
 
Network Security and Analysis with Python
Network Security and Analysis with PythonNetwork Security and Analysis with Python
Network Security and Analysis with Pythonpycontw
 

Destaque (8)

Introduction to Python for Security Professionals
Introduction to Python for Security ProfessionalsIntroduction to Python for Security Professionals
Introduction to Python for Security Professionals
 
State of Crypto in Python
State of Crypto in PythonState of Crypto in Python
State of Crypto in Python
 
OSINT tools for security auditing with python
OSINT tools for security auditing with pythonOSINT tools for security auditing with python
OSINT tools for security auditing with python
 
Cryptography in Python
Cryptography in PythonCryptography in Python
Cryptography in Python
 
OnionBots: Subverting Privacy Infrastructure for Cyber Attacks
OnionBots: Subverting Privacy Infrastructure for Cyber AttacksOnionBots: Subverting Privacy Infrastructure for Cyber Attacks
OnionBots: Subverting Privacy Infrastructure for Cyber Attacks
 
Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)Operations security - SyPy Dec 2014 (Sydney Python users)
Operations security - SyPy Dec 2014 (Sydney Python users)
 
Offensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with PythonOffensive cyber security: Smashing the stack with Python
Offensive cyber security: Smashing the stack with Python
 
Network Security and Analysis with Python
Network Security and Analysis with PythonNetwork Security and Analysis with Python
Network Security and Analysis with Python
 

Semelhante a Python Cryptography & Security Guide

Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Michel Schudel
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API LandminesErnie Turner
 
VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012Martin Kobetic
 
How does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsHow does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsAjay Ohri
 
Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Derrick Isaacson
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2ESUG
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
 
Java Symmetric
Java SymmetricJava Symmetric
Java Symmetricphanleson
 
Cryptography for Smalltalkers 2 - ESUG 2006
Cryptography for Smalltalkers 2 - ESUG 2006Cryptography for Smalltalkers 2 - ESUG 2006
Cryptography for Smalltalkers 2 - ESUG 2006Martin Kobetic
 
Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Netwax Lab
 
Introduction to Public Key Cryptography
Introduction to Public Key CryptographyIntroduction to Public Key Cryptography
Introduction to Public Key CryptographyKelley Robinson
 
Implement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxImplement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxpreethihp4500
 
Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Michel Schudel
 

Semelhante a Python Cryptography & Security Guide (20)

Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developers
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
Dodging WebCrypto API Landmines
Dodging WebCrypto API LandminesDodging WebCrypto API Landmines
Dodging WebCrypto API Landmines
 
VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012VisualWorks Security Reloaded - STIC 2012
VisualWorks Security Reloaded - STIC 2012
 
How does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen OomsHow does cryptography work? by Jeroen Ooms
How does cryptography work? by Jeroen Ooms
 
Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015Cargo Cult Security UJUG Sep2015
Cargo Cult Security UJUG Sep2015
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2Cryptography for Smalltalkers 2
Cryptography for Smalltalkers 2
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
 
Java Symmetric
Java SymmetricJava Symmetric
Java Symmetric
 
SSL Primer
SSL PrimerSSL Primer
SSL Primer
 
Cryptography for Smalltalkers 2 - ESUG 2006
Cryptography for Smalltalkers 2 - ESUG 2006Cryptography for Smalltalkers 2 - ESUG 2006
Cryptography for Smalltalkers 2 - ESUG 2006
 
Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)Cisco iso based CA (certificate authority)
Cisco iso based CA (certificate authority)
 
Introduction to Public Key Cryptography
Introduction to Public Key CryptographyIntroduction to Public Key Cryptography
Introduction to Public Key Cryptography
 
Implement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptxImplement symmetric key algorithms.pptx
Implement symmetric key algorithms.pptx
 
Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019
 

Mais de Jose Manuel Ortega Candel

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfJose Manuel Ortega Candel
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfJose Manuel Ortega Candel
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Jose Manuel Ortega Candel
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfJose Manuel Ortega Candel
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfJose Manuel Ortega Candel
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudJose Manuel Ortega Candel
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Jose Manuel Ortega Candel
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Jose Manuel Ortega Candel
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sJose Manuel Ortega Candel
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Jose Manuel Ortega Candel
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanJose Manuel Ortega Candel
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamJose Manuel Ortega Candel
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsJose Manuel Ortega Candel
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorJose Manuel Ortega Candel
 

Mais de Jose Manuel Ortega Candel (20)

Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdfAsegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
Asegurando tus APIs Explorando el OWASP Top 10 de Seguridad en APIs.pdf
 
PyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdfPyGoat Analizando la seguridad en aplicaciones Django.pdf
PyGoat Analizando la seguridad en aplicaciones Django.pdf
 
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...
 
Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops Evolution of security strategies in K8s environments- All day devops
Evolution of security strategies in K8s environments- All day devops
 
Evolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdfEvolution of security strategies in K8s environments.pdf
Evolution of security strategies in K8s environments.pdf
 
Implementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdfImplementing Observability for Kubernetes.pdf
Implementing Observability for Kubernetes.pdf
 
Computación distribuida usando Python
Computación distribuida usando PythonComputación distribuida usando Python
Computación distribuida usando Python
 
Seguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloudSeguridad en arquitecturas serverless y entornos cloud
Seguridad en arquitecturas serverless y entornos cloud
 
Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud Construyendo arquitecturas zero trust sobre entornos cloud
Construyendo arquitecturas zero trust sobre entornos cloud
 
Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python Tips and tricks for data science projects with Python
Tips and tricks for data science projects with Python
 
Sharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8sSharing secret keys in Docker containers and K8s
Sharing secret keys in Docker containers and K8s
 
Implementing cert-manager in K8s
Implementing cert-manager in K8sImplementing cert-manager in K8s
Implementing cert-manager in K8s
 
Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)Python para equipos de ciberseguridad(pycones)
Python para equipos de ciberseguridad(pycones)
 
Python para equipos de ciberseguridad
Python para equipos de ciberseguridad Python para equipos de ciberseguridad
Python para equipos de ciberseguridad
 
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodanShodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
Shodan Tips and tricks. Automatiza y maximiza las búsquedas shodan
 
ELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue TeamELK para analistas de seguridad y equipos Blue Team
ELK para analistas de seguridad y equipos Blue Team
 
Monitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source toolsMonitoring and managing Containers using Open Source tools
Monitoring and managing Containers using Open Source tools
 
Python Memory Management 101(Europython)
Python Memory Management 101(Europython)Python Memory Management 101(Europython)
Python Memory Management 101(Europython)
 
SecDevOps containers
SecDevOps containersSecDevOps containers
SecDevOps containers
 
Python memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collectorPython memory managment. Deeping in Garbage collector
Python memory managment. Deeping in Garbage collector
 

Último

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Último (20)

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Python Cryptography & Security Guide

  • 1. Python Cryptography & Security José Manuel Ortega | @jmortegac
  • 4. INDEX Introduction to cryptography1 OWASP & Best Practices4 Django Security3 PyCrypto and other libraries2 Steganography5
  • 5. Introduction to cryptography Key terms Caesar Chiper Hash functions(MD5,SHA) Symetric Encryption(AES) Asimetric Encription(RSA) PBKDF2-Key derivation function
  • 6. Key terms  Key: The piece of information that allows you to either encrypt or decrypt your data.  Plaintext: The information that you want to keep hidden, in its unencrypted form. The plaintext can be any data at all: a picture, a spreadsheet, or even a whole hard disk  Ciphertext: The information in encrypted form  Cipher: The algorithm that converts plaintext to ciphertext and vice-versa
  • 7. Key terms advanced Salt – randomizes the hash of the key; prevents rainbow table attacks against the key IV (initialization vector) – randomizes the encrypted message; prevents rainbow table attacks against the message Derived Key – lengthens and strengthens the key via hashing; used instead of the original key; slows down brute-force attacks against the key
  • 9. Hash functions Calculate the checksum of some data File integrity checking Generate passwords Digital signatures and authentication MD5 SHA-2(256 and 512 bits) SHA-3
  • 11. Hashlib functions One-way cryptographic hashing https://docs.python.org/2/library/hashlib.html >>03187564433616a654efef944871f1e4 >>bd576c4231b95dd439abd486be45e23d47a2cbb74b5348b3b113cef47463e15a >>d47b290aa260af8871294e1ad6b473bd48b587593f8dea7b1b5d9271df12ee081 85a13217ae88e95d9bd425f3ada0593f1671004a2b32380039d3c88f685614c >>8fadab23df7c580915deba5c6f0eb75bd32181f55c547a2b3999db055398095c33f 10b75c823a288e86636797f71b458
  • 12. MD5 hash function Checking file integrity >>d41d8cd98f00b204e9800998ecf8427e
  • 13. Hash passwords in DB Websites store hash of a password hashlib.sha256(‘password').hexdigest() >>'5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8'
  • 15. Hash identifier For checking the type of Hash https://code.google.com/p/hash-identifier
  • 16. Symetric encryption AES Shared key for encrypt and decrypt cipher key size (bytes in ASCII) AES-128 128 bits (16 bytes) AES-192 192 bits (24 bytes) AES-256 256 bits (32 bytes)
  • 17. Asymetric encryption RSA 2 keys(public key and secret key) Public key(Pk) for encrypt Secret key(Sk) for decrypt Public key is derived from secret key
  • 19. Encryption vs Signing EncryptionWhen encrypting, you use their public key to write message and they use their private key to read it. SigningWhen signing, you use your private key to write message's signature, and they use your public key to check if it's really yours.
  • 20. Digital signature Signing a message Only the owner of Pk/Sk pair should be able to sign the message
  • 21. PyCrypto Supports Hash operations Block cipher AES,RSA Sign/verify documents >> pip install pycrypto https://pypi.python.org/pypi/pycrypto
  • 22. PyCrypto Hash functions from Crypto.Hash import SHA256 SHA256.new(‘password').hexdigest() >>'5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8' from Crypto.Hash import SHA512 SHA512.new(‘password').hexdigest() >>'b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb98 0b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86'
  • 24. PyCrypto PBKDFimport Crypto.Random from Crypto.Protocol.KDF import PBKDF2 password = 'europython' iterations = 5000 key = '' salt = Crypto.Random.new().read(32) key = PBKDF2(password, salt, dkLen=32, count=iterations) print 'Random salt (in hex):' print salt.encode('hex') print 'PBKDF2-derived key (in hex) of password after %d iterations: ' % iterations print key.encode('hex') Generating key from password A salt is a random sequence added to the password string before using the hash function. The salt is used in order to prevent dictionary attacks and rainbow tables attacks. Random salt (in hex): 724138b9d987a04bf05d285db678824f9b7e2b1232229711c2e0e2e556a0c19a PBKDF2-derived key (in hex) of password after 5000 iterations: d725de7de88e27d16c9c4f224d4c87159735708419d1c949074962b48ce26900
  • 25. PyCrypto RSA Generate an RSA secret and public key pair from Crypto.PublicKey import RSA def generate_RSA(bits=1024): #Generate an RSA keypair with an exponent of 65537 in PEM format #param: bits The key length in bits #Return secret key and public key new_key = RSA.generate(bits, e=65537) public_key = new_key.publickey().exportKey("PEM") secret_key = new_key.exportKey("PEM") return secret_key, public_key
  • 26. PyCrypto RSA Generate an RSA secret and public key pair -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYS9ITbjKu5i9i36FgzKg/HO3o 6CKGJ1c5E57qVlmYF6L1BcgH+eE+XiwJ6fWyShaVnZDuvUapWgQeOGZ60QBJ/vpu DdwqsuGoTeJNqaRT9ButJa+o+0tchRKBcM6zKUXYWc7kdAlxEpO2OXZEqxD7bd1O oxv7mEjqBpVXgNEVrwIDAQAB -----END PUBLIC KEY----- -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCYS9ITbjKu5i9i36FgzKg/HO3o6CKGJ1c5E57qVlmYF6L1BcgH +eE+XiwJ6fWyShaVnZDuvUapWgQeOGZ60QBJ/vpuDdwqsuGoTeJNqaRT9ButJa+o +0tchRKBcM6zKUXYWc7kdAlxEpO2OXZEqxD7bd1Ooxv7mEjqBpVXgNEVrwIDAQAB AoGAc0qqzTTWP5tYciRTmeE02RqAbJoXULHFkRruaf5WsxHptk3bIVakkr9d3V91 NbRqpnby+hjlvly701jlE8LW0QIccII9oWyV6kMSTEJMth9RlXpCbQY285pwg+bF zyEhQJmjMj1hMDJLQ8dXLCeqXZ37etYGHTT2XQ+q5TOW4YkCQQC5WDQHBhYa/Mzt UlXemLxv1ERaxt8zmXSX0bKjIkaYMv1SF3FskiN9Rm/zXvil3HuiySBq9g6/fPbN T1+dtiZTAkEA0lpsRUqamIbii18aBBQGs/FbrUa71ahpoU7+8wXMxNYQBfVGvlzs J+tKxSecMO196Hl4l5I14ASEs+4wKK5vtQJARe4gmzHRr1cIntY87eKk3nCxZaq5 Vkek9Q86nlB1YEGE0K9lrTgqSb8EyEdh+3qH73CBWboC8H7ew7IZ+nBaXwJBAJEO K8Vomcz+jvB/B0iyqqChmo+VzGecuCK1f9gEMt21o90H893H5E3u0mO8WdffnciX I1KaT66ITx5o7SrQh1UCQGqP8B9bpzXjxMuLUJuL1DoRP4QBGHoXokdu8gKAlPzp ZK8BKRSPRobwlNFlXWfXLAWIFwXIeqOblI20U/oNwNE= -----END RSA PRIVATE KEY-----
  • 27. PyCrypto RSA from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP def encrypt_RSA(public_key, message): key = (public_key, "r").read() rsakey = RSA.importKey(key) rsakey = PKCS1_OAEP.new(rsakey) encrypted = rsakey.encrypt(message) return encrypted.encode('base64') from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from base64 import b64decode def decrypt_RSA(secret_key, message): key = (secret_key, "r").read() rsakey = RSA.importKey(key) rsakey = PKCS1_OAEP.new(rsakey) decrypted = rsakey.decrypt(b64decode(message)) return decrypted
  • 28. PyCrypto Sign/verify from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5 from Crypto.Hash import SHA256 from base64 import b64encode, b64decode def sign_data(secret_key, data): key = (secret_key, "r").read() rsakey = RSA.importKey(key) signer = PKCS1_v1_5.new(rsakey) digest = SHA256.new() digest.update(b64decode(data)) sign = signer.sign(digest) return b64encode(sign) from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5 from Crypto.Hash import SHA256 from base64 import b64decode def verify_sign(public_key, signature, data): ‘ #Verifies with a public key that the data was signed by their #private key pub_key = (public_key, "r").read() rsakey = RSA.importKey(pub_key) signer = PKCS1_v1_5.new(rsakey) digest = SHA256.new() digest.update(b64decode(data)) if signer.verify(digest, b64decode(signature)): return True return False
  • 29. PyCrypto RSA/Sign/verifyTrue True True public_key <_RSAobj @0x2b56648 n(1024),e> encrypted data ('Ixe6xff M$x12xbbx95xeex02xcfx82Imtf+x1fxaeUxbdv` ^x94xfaxe6_x8bxedx8dxa3xabxfc xaex17x07=|x18xcax18jxc5x1dx01xad`xd6W ExfbUxd1x12x0c- xb6x9cxc4x07xaax93<xb5zw&x98xa2xdcx8e x9e- x06gQxcfxfaxc8r/xd5x98|xd5xcdgxb2xdaxcd: dxafxdexe2xcdxcdxf5{p`x07xbb~x1bxa4hHJ#c tE6xfaxc3x87x8dxf2O8,xe2W',) signature (445755122549853282247622461459180943435051515 5918916324891286777775175591376873419505852842 3900156177220742858645089371096255086061177099 8101038368420840785203067622854793789417670298 3088451295738677105320376959152029164761636442 8930467543317371804318093617486393498897888949 152557196686676342045445446511829L,) decrypt_data EUROPHYTON2015 True
  • 30. Best practices Avoid hashing methods like MD5 or SHA-1,use at least SHA-2 or SHA-3 Key Stretching for strong passwords Preventing Brute-force or dictionary attacks for i in xrange(iterations): m = hashlib.sha512() m.update(key + password + salt) key = m.digest()
  • 31. Cryptography $ pip install cryptography https://cryptography.io Support for Python 3 Support for modern algorithms such as AESGCM and HKDF Improved debugability and testability Secure API design
  • 34. Django Security Are you vulnerable to the heartbleed bug? Are you enforcing SSL correctly? Did you set the proper flags for your cookies? Did you remember to disable weak ciphers?  How are you managing your secret keys?  Are you sure you authorise users correctly? https://www.securedjango.com
  • 35. Django Security We can use frameworks for building API REST Tastypie django-rest-framework dj-webmachine Django-secure package https://www.securedjango.com http://django-tastypie.readthedocs.org/en/latest http://django-rest-framework.org http://benoitc.github.com/dj-webmachine
  • 36. Django Security What provide these frameworks? Cross-site scripting(XSS) Protection Cross-site request forgery(CSRF) Protection SQL Injection Protection Clickjacking Protection Supports SSL/HTTPS Secure Password Storage with PBKDF2 algorithm and SHA256 Data Validation https://www.securedjango.com
  • 40. Security best practices Always use HTTPS if you have anything non-public Proper SSL deployment Enable HTTPS with a proper server certificate Enforce HTTPS on your entire domain Configure redirects to enforce HTTPS usage Set the secure flag on all cookies Django only send session cookies over HTTPS SESSION_COOKIE_SECURE = true CSRF_COOKIE_SECURE_true
  • 41. Security best practices Keep in secrets keys and credentials Put DEBUG=false in production in settings.py Use ALLOWED_HOSTS variable in production for setting a list of request allowed hosts names Limit access to admin with IP`s filter ALLOWED_HOSTS =[*] ALLOWED_HOSTS =['.yourdomain.com']
  • 42. Password storage PBKDF2 + SHA256 by default PASSWORD_HASHERS = ( 'django.contrib.auth.hashers.PBKDF2PasswordHasher', 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher', 'django.contrib.auth.hashers.SHA1PasswordHasher', 'django.contrib.auth.hashers.MD5PasswordHasher', 'django.contrib.auth.hashers.CryptPasswordHasher')
  • 43. Password storageclass PBKDF2PasswordHasher(BasePasswordHasher): """ Secure password hashing using the PBKDF2 algorithm (recommended) Configured to use PBKDF2 + HMAC + SHA256. The result is a 64 byte binary string. Iterations may be changed safely but you must rename the algorithm if you change SHA256. """ algorithm = "pbkdf2_sha256" iterations = 24000 digest = hashlib.sha256 def encode(self, password, salt, iterations=None): assert password is not None assert salt and '$' not in salt if not iterations: iterations = self.iterations hash = pbkdf2(password, salt, iterations, digest=self.digest) hash = base64.b64encode(hash).decode('ascii').strip() return "%s$%d$%s$%s" % (self.algorithm, iterations, salt, hash) https://github.com/django/django/blob/master/django/contrib/auth/hashers.py/
  • 44. OWASP
  • 46. SQL injection Never trust user-submitted data Django generates properly-escaped parameters SQL Using cursor method and bind parameter is the best option for avoid SQL INJECT from django.db import connection def select_user(request): user = request.GET['username'] sql = "SELECT * FROM users WHERE username = %s" cursor = connection.cursor() cursor.execute(sql, [user])
  • 47. SQL injection Django ORM –QuerySets -Models Django automatically gives you a database-abstraction API that lets you create, retrieve, update and delete objects Write python classes and it will convert to SQL securely from django.db import models class Blog(models.Model): name = models.CharField(max_length=100) description = models.TextField() >>b = Blog(name=‘My Bblog', description=‘django security') >>> b.save()
  • 49. Cross site Scripting Allows an attacker obtain session information Used with in phising sites Django’s render template system automatically escapes all variable values in HTML from django.shortcuts import render def render_page(request): user = request.GET['username'] return render(request, ‘page.html', {‘user’: user})
  • 50. Security best practices in forms Validate form data with Django Forms package Use POST method in HTML Forms Use Meta.Fields in ModelForms
  • 51. Steganography Hiding data(text/images) within images Where is stored the data?
  • 52. Steganography In the pixels in RGB Components Altering the Least Significant Bit(LSB) Use one bit per pixel for storing data
  • 53. Libraries in python Stepic http://domnit.org/stepic/doc
  • 54. Libraries Stegano https://code.google.com/p/stegano-cb $ slsb.py --hide -i python.png -o python-secret.png –m “euro..” $ slsb.py --hide -i python.png -o python-secret.png –f img.png
  • 56. Hide text in image(LSB)
  • 57. Reveal text from image(LSB)
  • 58. Hide image inside an image
  • 60. Book Hacking Secret Ciphers with python Free online http://inventwithpython.com/hacking/index.html
  • 61. Thank you! José Manuel Ortega| @jmortegac