Hey everyone, welcome back to my blog. Today I want to demonstrate some cryptographic concepts with the Python programming language. Let's kick off!
Authentication protocols need to employ encryption to protect the session from exposure to intruders. We have heard time and again that data has been leaked because of weak passwords, which make accounts vulnerable. In a secure world, passwords are typically hashed, salted, and stretched, and electronic communications should be encrypted to ensure secrecy. Just hashing or encrypting data may not be enough, though. The best encryption schemes will not protect data from poorly constructed passwords.
In this blog, I will walk through some Python scripts with which you can secure your passwords. In this blog you will learn about:
- The basics of encryption schemes
- Best practices for passwords
- Historical ciphers and their cryptanalysis
I want to share some best practices for protecting your password from threat actors, so please bear with me :))
Password Best Practices
Your purpose while reading this blog is to gain an understanding of how to use strong cryptographic schemes and how to identify and attack weak schemes. If you work as a security professional, you should protect against data breaches and secure people's passwords, informing them and protecting your organization from brute-force attacks that can cause real damage. I will state the methods to protect and inform them below.
- Temporary passwords should be used only once and changed immediately after the user logs in.
- Passwords should never be stored in clear text.
- Passwords should be changed regularly.
- A password for one system should not be reused for another.
- Passwords should never be shared with support staff.
- Users should not be able to reuse old passwords.
Most modern-day systems are getting better at enforcing strong passwords, which makes them harder to break.
As I mentioned in my blog, as a security-minded professional you should tell people never to keep their passwords in plaintext; it is vital these days not to use weak passwords. To that end, I recommend hashing every password that needs to be stored.
Python, like many other languages, provides a way to call hashing functions that accept a message of any length and return a fixed-length result referred to as a message digest or hash code. Hashing functions use specific hashing algorithms but do not use secret keys. If the exact same message is fed into a hashing function, the same hash code is produced.
If you want to convert your password from plain text to SHA-512, the output looks like this (note that "password" and "Password" differ only in case, yet produce completely different digests):
-> Here is the hash value for password:
-> Here is the hash value for Password:
You can use Python, another programming language, or even a website to do this. Most people recommend Python, which makes it easier for us.
To produce the hashed password using SHA-512, we can type:
- I made a project about networking earlier; however, I forgot to change the project name lol :)
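As an added example (not the script from the original post), here is the SHA-512 step in plain hashlib, using the page's own sample passwords "password" and "Password", plus a constant-time check of a candidate against a stored digest:

```python
# Added example: SHA-512 hashing with Python's standard hashlib, and a
# constant-time comparison of a candidate password against a stored digest.
import hashlib
import hmac


def sha512_hex(text: str) -> str:
    """Return the SHA-512 digest of `text` as a 128-character hex string."""
    return hashlib.sha512(text.encode("utf-8")).hexdigest()


def verify_digest(candidate: str, stored_hex: str) -> bool:
    """Compare the digest of `candidate` with a stored digest.

    hmac.compare_digest runs in constant time, so a wrong guess cannot be
    told apart from a near-miss by how long the comparison takes.
    """
    return hmac.compare_digest(sha512_hex(candidate), stored_hex)


def hex_positions_differing(a: str, b: str) -> int:
    """Count the hex positions at which two equal-length digests differ."""
    return sum(1 for x, y in zip(a, b) if x != y)


if __name__ == "__main__":
    lower = sha512_hex("password")
    upper = sha512_hex("Password")
    print("password:", lower)
    print("Password:", upper)
    # Changing the case of one letter changes most of the digest.
    print("hex positions differing:", hex_positions_differing(lower, upper), "of", len(lower))
    print("verify 'password' against stored digest:", verify_digest("password", lower))
    print("verify 'Password' against stored digest:", verify_digest("Password", lower))
```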
There are two primary ways to attack hash functions: through cryptanalysis and through brute force. Storing passwords in the database in their hash-code form still offers malicious users a way to figure out passwords. A rainbow table, which is a precomputed table for reversing cryptographic hash functions, can be used to crack password hashes.
Our first defense is salting: you add a random chunk of bits to the password before it goes through the hashing process. You would then save that random chunk of bits along with the hashed password. The reason salting is effective is that if bad actors attack your hashing scheme, they cannot scale the attack to a large number of users or launch brute-force attacks across the enterprise. A salt is simply added to make the stored hash unique, even for users who adopt common passwords. Its purpose is to make precomputation-based attacks useless: if your password is stored with a unique salt, then any precomputed password-hash table targeting unsalted hashes, or targeting an account with a different salt, will not help in cracking your account's password.
For instance, I will make it clear by showing you how to code such a script securely.
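As an added example (not the original post's script), the following stores a SHA-512 hash with a fresh per-user salt and shows why a precomputed table of unsalted digests no longer matches. The "precomputed table" is a constructed four-entry stand-in for a rainbow table:

```python
# Added example: salted SHA-512 storage and verification, and a constructed
# stand-in for a precomputed (rainbow-style) table of unsalted digests.
import hashlib
import hmac
import secrets

SALT_BYTES = 16  # 128-bit random salt, generated fresh for every stored password


def hash_with_salt(password: str, salt: bytes) -> str:
    """SHA-512 over salt || password, returned as hex."""
    return hashlib.sha512(salt + password.encode("utf-8")).hexdigest()


def store_password(password: str) -> str:
    """Return a storable record "<salt hex>$<digest hex>" using a fresh salt."""
    salt = secrets.token_bytes(SALT_BYTES)
    return f"{salt.hex()}${hash_with_salt(password, salt)}"


def verify_password(candidate: str, record: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    salt_hex, stored_hex = record.split("$", 1)
    digest = hash_with_salt(candidate, bytes.fromhex(salt_hex))
    return hmac.compare_digest(digest, stored_hex)


# Constructed stand-in for a precomputed table: unsalted SHA-512 digests of a
# few common passwords, keyed by digest, as an attacker would prepare in advance.
COMMON = ["password", "123456", "qwerty", "letmein"]
PRECOMPUTED = {hash_with_salt(p, b""): p for p in COMMON}


def lookup_precomputed(record: str):
    """Try to reverse the digest part of a record via the table; None if absent."""
    return PRECOMPUTED.get(record.split("$", 1)[1])


if __name__ == "__main__":
    rec_a = store_password("password")
    rec_b = store_password("password")  # a second user with the same password
    print("records differ for the same password:", rec_a != rec_b)
    print("verify correct:", verify_password("password", rec_a))
    print("verify wrong:  ", verify_password("Password", rec_a))
    print("unsalted digest found in table:", lookup_precomputed("$" + hash_with_salt("password", b"")))
    print("salted record found in table:  ", lookup_precomputed(rec_a))
```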
Our next defense is the concept of key or password stretching. Stretching is a technique used to make a weak key, passphrase, or password more secure against brute-force attacks by increasing the time it takes to test each candidate. Key stretching works by feeding the input into an algorithm that returns an enhanced key.
I have been using a lot of Python libraries because Python has many modules available. You do not have to use a password manager to secure your password, because you can use the "hashlib" or "bcrypt" library to make your stored password more secure than plaintext, of course. In this section we will be talking about "bcrypt". The bcrypt library may have dependencies on pycparser and cffi. A few alternatives are worth mentioning, but bcrypt is one of the more popular choices. Some alternatives include scrypt, using either the hashlib or cryptography libraries.
I will show you a code example which demonstrates this clearly.
Below the code you can see the difference between the hashed and the salted password:
- the salted password
- the hashed password
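As an added example (not the post's own script), the same store-and-verify flow with the third-party bcrypt package, which generates its own salt and embeds salt, cost factor and hash in a single string; the functions raise if the package is not installed:

```python
# Added example: storing and checking a password with the bcrypt package
# (pip install bcrypt). bcrypt handles salt generation and stretching itself.
try:
    import bcrypt
except ImportError:  # bcrypt is not part of the standard library
    bcrypt = None


def bcrypt_available() -> bool:
    return bcrypt is not None


def hash_password(password: str, rounds: int = 12) -> bytes:
    """Return a bcrypt string of the form b"$2b$<rounds>$<22-char salt><31-char hash>".

    `rounds` is the log2 work factor: each increment doubles the cost of a guess.
    bcrypt only uses the first 72 bytes of the password.
    """
    if bcrypt is None:
        raise RuntimeError("bcrypt package not installed")
    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt(rounds=rounds))


def check_password(candidate: str, stored: bytes) -> bool:
    """bcrypt.checkpw reads salt and rounds from `stored` and compares safely."""
    if bcrypt is None:
        raise RuntimeError("bcrypt package not installed")
    return bcrypt.checkpw(candidate.encode("utf-8"), stored)


def parse_rounds(stored: bytes) -> int:
    """Extract the cost factor from a stored bcrypt string, e.g. 12 from b"$2b$12$..."."""
    return int(stored.split(b"$")[2])


if __name__ == "__main__":
    if not bcrypt_available():
        print("install the bcrypt package to run this demo")
    else:
        h1 = hash_password("password", rounds=10)
        h2 = hash_password("password", rounds=10)
        print(h1)
        print("same password, different strings (embedded salt):", h1 != h2)
        print("rounds stored in the hash:", parse_rounds(h1))
        print("verify correct:", check_password("password", h1))
        print("verify wrong:  ", check_password("Password", h1))
```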
As you know, this is the first part of my blog. I am going to learn more about awesome password-hashing techniques and use them in Python or even in C. If you like my blog, please consider subscribing, supporting, and sharing it with your friends.
Happy Hacking !!!
Ahmet Göker | exploit researcher | malware researcher | Cryptography freak :)
You can follow me on social networks.
Thanks for reading, part 2 will be coming :))