Moving Into The 21st Century for Data: Scrypt, Tokenization and Python
We live in a 20th Century world, with our spreadsheet and databases. Very little trust is added into our data, and very little protection is ever applied. This leads to a world where cybercriminals can thrive, as it is easy to spoof any data elements. An improved data world is to tokenize data, and where we encrypt the data, along with applying hashing methods to prove the sender and that the data has not been changed. Fernet tokens are one of the easiest methods to encapsulate data in the form of a token.
Fernet is a symmetric encryption method that makes sure that the message encrypted cannot be manipulated/read without the key. It uses URL safe encoding for the keys. Fernet also uses 128-bit AES in CBC mode and PKCS7 padding, with HMAC using SHA256 for authentication. The IV is created from os.random(). All of this is the kind of thing that good software needs. AES is top drawer encryption, and SHA-256 avoids many of the problems caused by MD5 and SHA-1 (as the length of the hash values is too small). With CBC (Cipher Block Chaining) we get a salted output, and which is based on a random value (the IV value). And with HMAC we can provide authenticated access from both sides. In this case, we will use scrypt to generate the encryption key from a salt value and a password. To generate the same encryption key we need the…
