encryption with python

[Paul Rubin]

James Stroud <jstroud at mbi.ucla.edu> writes:
> Then your best bet is to take a reasonable number of bits from an sha hash. 
> But you do not need pycrypto for this. The previous answer by "ncf" is good, 
> but use the standard library and take 9 digits to lessen probability for 
> clashes
> 
> import sha
> def encrypt(x,y):
>     def _dosha(v): return sha.new(str(v)).hexdigest()
>     return int(_dosha(_dosha(x)+_dosha(y))[5:13],16)
> ...
> Each student ID should be unique until you get a really big class. If your 
> class might grow to several million, consider taking more bits of the hash.

Please don't give advice like this unless you know what you're doing.
You're taking 8 hex digits and turning them into an integer.  That
means you'll probably have a collision after around 65,000 id's, not
several million.  "Probably" means > 50%.  You'll have a significant
chance (say more than 1%) of collision after maybe 10,000.

Also, if you know the student's graduation year, in most cases there
are just a few hundred likely birthdates for that student, so by brute
force search you can crunch the output of your function to a fairly
small number of DOB/SSN combinations.

The only approach that makes sense is for the secure database to
assign arbitrary numbers that aren't algorithmically related to any
sensitive data.  Answers involving encryption will need to use either
large ID numbers or secret keys, both of which will cause hassles.