4

I need to securely encrypt and decrypt information about users (name, surname and user_id) in cookies.

What is the best way to do this? What encryption and decryption function do I need?

Thanks ^_^

xRobot

2 Answers

0

It's generally a bad idea: an attacker can do chosen-text dictionary attacks if they can guess what you might be putting in the cookie, which is quite likely, and securing a universal key is harder than looking after a database containing confidential information, because there is not much in the way of an audit trail for these kinds of client-side web-based attacks.

If the cost of a security breach is low, then maybe you want to do this anyway. Just use a symmetric-key encryption algorithm.

Charles Stewart
  • I need to save only name, surname and user_id (no password and no email). So in this case, what Python function is best for me? Thanks ^_^ – xRobot Jun 09 '10 at 09:47
  • @xRobot: Look at http://stackoverflow.com/questions/172486/what-pure-python-library-to-use-for-aes-256-encryption – Charles Stewart Jun 09 '10 at 10:13
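
Added example, not code from either answer or from the linked pages: one way to apply the symmetric encryption suggested above to a cookie value, using AES-256-GCM from the third-party `cryptography` package so the cookie is tamper-evident as well as confidential. The cookie name `profile`, the function names and the sample user are assumptions; the key is generated once and kept server-side.

```python
import base64
import json
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

COOKIE_NAME = b"profile"  # hypothetical cookie name, bound in as associated data
NONCE_LEN = 12            # 96-bit nonce, the standard size for GCM


def new_key() -> bytes:
    """Generate the server-side key once; store it outside the web root."""
    return AESGCM.generate_key(bit_length=256)


def seal_cookie(key: bytes, user: dict) -> str:
    """Encrypt and authenticate the user fields; returns a cookie-safe string."""
    # A fresh random nonce per cookie means identical user data never
    # produces identical ciphertext, so values cannot be matched by guessing.
    nonce = os.urandom(NONCE_LEN)
    plaintext = json.dumps(user, separators=(",", ":")).encode()
    sealed = AESGCM(key).encrypt(nonce, plaintext, COOKIE_NAME)
    return base64.urlsafe_b64encode(nonce + sealed).decode()


def open_cookie(key: bytes, value: str):
    """Return the user dict, or None if the value is malformed, modified,
    sealed under another key, or sealed for a different cookie name."""
    try:
        raw = base64.urlsafe_b64decode(value.encode())
        nonce, sealed = raw[:NONCE_LEN], raw[NONCE_LEN:]
        return json.loads(AESGCM(key).decrypt(nonce, sealed, COOKIE_NAME))
    except (ValueError, InvalidTag):
        return None  # treat every failure the same way: no session data


if __name__ == "__main__":
    key = new_key()
    # Constructed sample user, for illustration only.
    cookie = seal_cookie(key, {"user_id": 42, "name": "Ada", "surname": "Lovelace"})
    print(cookie)
    print(open_cookie(key, cookie))
```

Because `open_cookie` rejects anything whose authentication tag does not verify, a client cannot change `user_id` inside the cookie without the server noticing.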
0

Take a look here: http://www.example-code.com/python/encryption.asp. I would suggest DES or Blowfish.

bogdan