Daniyal

Reputation: 905

How to handle password management via PyNaCl?

I have the following scenario:

Given a Python application on some client machine which enables several users. It encrypts and decrypts user passwords. What would be the currently most recommended approach?

Attempts at using PyNaCl led to the insight that it is not a good approach, because PyNaCl is used for communication encryption and decryption. Here we have passwords which shall be encrypted, stored to a file, and then decrypted on request (e.g. if a specific user wants to re-login). Storing the passwords in a database is not an option for our current experiment (although it would possibly be a better solution).

In your experience: what would be a good way to approach this issue of encrypting and decrypting user data from e.g. text files? (Again: this is experimental and not meant for productive use in the current stage)

Upvotes: 1

Views: 808

Answers (2)

BarNiy

Reputation: 88

In case someone stumbles upon this question: PyNaCl supports password hashing using argon2i and argon2id since version 1.2.0. The module is `nacl.pwhash`.

Upvotes: 2

Artjom B.

Reputation: 61952

PyNaCl supports multiple types of crypto primitives, but a password hashing scheme is none of them.

Using encryption for password storage is an anti-pattern. Where is the key stored to decrypt the encrypted password? If the key is stored somewhere in code or in some file in the file system, then the whole thing is nothing more than obfuscation. What if the key is lost? An attacker can directly decrypt the password and log in.
I'm assuming here that users don't actually type in keys, but rather passwords. If they would type in keys, then those keys could be used directly for PyNaCl encryption.

Instead, passwords should be hashed repeatedly and the hash stored. If a user tries to log in again, the password is hashed again with the same parameters (salt, iteration count, cost factor) and compared to the stored value. This is how it is commonly solved in client-server applications, but it is not necessary to store the password hash anywhere, because PyNaCl's symmetric encryption also provides authentication (integrity). It means that you can detect a wrong password by deriving a key from that and attempting to decrypt the container. The password was wrong when PyNaCl produces an error (or the container was tampered with).

There are multiple schemes (PBKDF2, bcrypt, scrypt, Argon2) that can be used for this purpose, but none of them are included in PyNaCl. However, the underlying libsodium supports two of them.

Upvotes: 2
