I need to securely crypt and decrypt information about users ( name, surname and user_id ) in cookies.
What is the best way to do this ? What encryption and decryption function do I need ?
Thanks ^_^
A:
It's generally a bad idea: an attacker can do chosen-text dictionary attacks if they can guess what you might be putting in the cookie, which is quite likely, and securing a universal key is harder than looking after a database containing confidential information, because there is not much in the way of an audit trail for these kind of client-side web-based attacks.
If the cost of a security breach is low, then maybe you want to do this anyway. Just use a symmetric-key encryption algorithm.
Charles Stewart
2010-06-09 09:41:22
I need to save only name, surname and user_id ( no password and no email ). So in this case what python function is best for me ?Thanks ^_^
xRobot
2010-06-09 09:47:53
@xRobot: Look at http://stackoverflow.com/questions/172486/what-pure-python-library-to-use-for-aes-256-encryption
Charles Stewart
2010-06-09 10:13:10
A:
Take a look here: http://www.example-code.com/python/encryption.asp I would suggest DES or Blowfish
bogdanvursu
2010-06-09 09:57:37
Probably not important for this application, but DES is considered insecure. I recommedn AES.
Charles Stewart
2010-06-09 10:15:55