Hiding token information from users
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Tue Aug 23 12:55:11 EDT 2011
Tobiah wrote:
> I really need some sort of
> algorithm that will let me take an unknown string and generate
> the encrypted bit on the fly.
Google broken for you? *wink*
Seriously, there are about a bazillion algorithms for encrypting and
obfuscating strings. Depending on your security requirements, that can be
as simple as rot13 and as complex as blowfish (or even more so).
If it helps, I have a module that implements a selection of classical (i.e.
insecure) encryption algorithms:
http://pypi.python.org/pypi/obfuscate
Earlier, you said:
> The secret is not like
> the key to Fort Knox. We would rather not have the plain
> token out there, as it's internal business information,
> but we don't have to protect the information at all costs.
> Just making it really inconvenient to extract is fine.
I don't understand the point of this. What could your users do with the
plain token that they shouldn't? I don't see why, if it's not worth
encrypting properly, why it's worth obfuscating it at all.
--
Steven
More information about the Python-list
mailing list