0

I am writing a program that parses a file and tweets lines from it. I was able to write the program but I was curious if I should hash the Keys and Tokens that Twitter provides for added security? They tell you to protect the keys because they can be used to access your account. I was looking into using Python's hashlib library to do this, specifically this hashlib function.

hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen=None)

To prevent brute-force attacks on passwords you should use a key derivation function and a salt so I want to know if doing this to the Keys and Tokens would make sense? I want to hash the Keys and Tokens one time, store them in a database file then be able to decrypt the hashes when I want to interact with Twitter. Is that possible and what method should I use to do this?

pjmorin0001
  • 79
  • 3
  • 10
  • No, that doesn't make any sense. Hashing is one-way, so you can't get them back when you need to use them. Encrypting is two way, but then anyone else could get them back too. To what are you trying to add security, and from what? – jonrsharpe Oct 13 '16 at 20:26
  • That is what I figured and I do not want to explicitly put my Keys and Tokens in the script. I have to present to a class and I do not want my private Keys and Tokens in plain text. I want to encrypt them, store the encryption in a sqlite3 database then when I need them, retrieve and decrypt them so I can send a tweet. – pjmorin0001 Oct 13 '16 at 21:36
  • 1
    But why do you think that helps? If you don't want them in your source code (perfectly reasonable, as it also keeps it out of source control etc.) just access them from environment variables or an external file. Encrypting gives you no benefits over this. – jonrsharpe Oct 13 '16 at 21:37
  • I created a separate python module that stores my keys and tokens which I then imported into my main program. I just was not sure what other people did to protect there Keys and Tokens in there code. – pjmorin0001 Oct 14 '16 at 15:21

0 Answers0