
If you’re struggling to pick a crypto suite … Fernet may be the answer

Prof Bill Buchanan OBE FRSE
Published in Coinmonks · 3 min read · Aug 5, 2018


We are starting to see a whole lot of software developers getting interested in cryptography, especially in assessing applications for vulnerabilities. So for someone faced with RSA, AES, BCrypt, 3DES, DES, MD5, HMAC, private keys, public keys, and so on, you might think it was impossible to decide which is the best way to go. But luckily there’s a cipher suite that tries to implement best practice … Fernet:

Key: 4c504a4e756c2d776f77346d3644737178626e696e687357486c776670304a656377517a59704f4c6d43513d
Cipher: 67414141414142625a7930326f316c433138624e43755a56646d3939396362384537725577334d6765644449516f757a7976694b59337155617131703655744577424a2d616d484f4b7031413630356a7a50433039595750424c4a634833433271773d3d
Plain text: hello world

So what is Fernet?

Fernet is a symmetric encryption method which makes sure that an encrypted message cannot be read or manipulated without the key. It uses URL-safe encoding for the keys. Fernet uses 128-bit AES in CBC mode with PKCS7 padding, and HMAC with SHA-256 for authentication. The IV is created from os.urandom(). All of this is the kind of thing that good software needs.
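The token layout behind that description, as an added example that is not code from the original article or from any Fernet library: it parses a token and checks the HMAC-SHA256 tag using only the Python standard library. The AES-CBC step is left out, and the key, timestamp, IV and ciphertext bytes are constructed sample values; all function names are hypothetical.

```python
import base64, hashlib, hmac, struct, time

VERSION = 0x80  # first byte of every Fernet token

def split_key(key_b64):
    """32-byte key, URL-safe base64: first half signs (HMAC), second half is the AES-128 key."""
    raw = base64.urlsafe_b64decode(key_b64)
    if len(raw) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    return raw[:16], raw[16:]

def parse_token(token):
    """Split into version | 8-byte timestamp | 16-byte IV | ciphertext | 32-byte HMAC."""
    data = base64.urlsafe_b64decode(token)
    # 73 = 1 + 8 + 16 + one AES block + 32; ciphertext must be whole 16-byte blocks
    if len(data) < 73 or data[0] != VERSION or (len(data) - 57) % 16:
        raise ValueError("not a well-formed Fernet token")
    return {"timestamp": struct.unpack(">Q", data[1:9])[0], "iv": data[9:25],
            "ciphertext": data[25:-32], "signed": data[:-32], "hmac": data[-32:]}

def verify_token(key_b64, token, ttl=None, now=None):
    """Check the tag (and optional age) before any decryption would be attempted."""
    signing_key, _ = split_key(key_b64)
    try:
        t = parse_token(token)
    except ValueError:  # also covers base64 decoding errors
        return False
    expected = hmac.new(signing_key, t["signed"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, t["hmac"]):  # constant-time comparison
        return False
    if ttl is not None:
        now = time.time() if now is None else now
        return now - t["timestamp"] <= ttl
    return True

def build_constructed_token(key_b64, timestamp, iv, ciphertext):
    """Assemble a token around placeholder ciphertext (no AES is performed here)."""
    signing_key, _ = split_key(key_b64)
    signed = bytes([VERSION]) + struct.pack(">Q", timestamp) + iv + ciphertext
    return base64.urlsafe_b64encode(signed + hmac.new(signing_key, signed, hashlib.sha256).digest())

def flip_bit(token, offset):
    """Simulate tampering: flip one bit of the decoded token at the given byte offset."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[offset] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))

# Constructed sample values; a real IV comes from os.urandom(16), a real ciphertext from AES-CBC.
KEY = base64.urlsafe_b64encode(bytes(range(32)))
TS = 1533427200
TOKEN = build_constructed_token(KEY, TS, bytes(16), bytes(16))
```

Flipping a single bit in the IV or ciphertext region makes `verify_token` return `False`, which is the "cannot be manipulated" property described above.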

AES is top drawer encryption, and SHA-256 avoids many of the problems caused by MD5 and SHA-1 (as the length of…
