https://github.com/stef/persistent-crypto-dictionary

An encrypted persistent dictionary
https://github.com/stef/persistent-crypto-dictionary

Last synced: 9 months ago
JSON representation

An encrypted persistent dictionary

• Host: GitHub
• URL: https://github.com/stef/persistent-crypto-dictionary
• Owner: stef
• Created: 2012-01-23T14:35:41.000Z (over 14 years ago)
• Default Branch: master
• Last Pushed: 2021-07-20T18:24:12.000Z (almost 5 years ago)
• Last Synced: 2025-02-01T23:17:19.418Z (over 1 year ago)
• Language: Python
• Homepage: An encrypted persistent dictionary
• Size: 6.84 KB
• Stars: 2
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.rst

Awesome Lists containing this project

README

          
Persistent Crypto Dictionary

****************************

This class implements a persistent dictionary using sqlite3 and

encrypts the keys and the values of the dictionary in a way, that

makes it very hard to bruteforce either the key or the values in the

db.

example usage::

   >>> from pcd import PersistentCryptoDict

   >>> d=PersistentCryptoDict()

   >>> print d

   

   >>> print d['my key']

   None

   >>> d['my key']='secret value'

   >>> print d['my key']

   secret value

   >>> d['my key']='top secret value'

   >>> print d['my key']

   top secret value

Crypto

======

The key and the value in the dict is transformed according to the

following algorithm (credit: dnet):

Setting values

++++++++++++++

1. we calculate they keyhash - a hmac-sha512(salt,key)

2. we split the key in half, the first half as a hexdigest (ascii),

   the second we keep as a binary

3. we use the second binary half from step 2 of the keyhash to encrypt

   the value

4. we use the ascii keyhash from step 2 as a key to the database, and

   the value is the encrypted result from step 3.

Getting values

++++++++++++++

1. we calculate they keyhash - a hmac-sha512(salt,key)

2. we split the key in half, the first half as a hexdigest (ascii),

   the second we keep as a binary

3. we query the database using the ascii keyhash from step 2 as a key

4. we use the second binary half from step 2 of the keyhash to decrypt

   the value

The database contains only the following pairs of data:

  (hmac-sha512(key, salt).hexdigest()[:64],                # key

  aes256-ofb(hmac-sha512(key, salt).digest()[32:], value)) # value

we diligently obey Schneier's law:

https://www.schneier.com/blog/archives/2011/04/schneiers_law.html, and

thus we would consider the task to retrieve any meaningful data

without huge rainbow tables from such a database a futile task. :)