I'm pretty good at Googling my programming needs, but could really not find this.
I'm finishing this security-related Python 3 application which runs on Raspberry Pi Zero W. Its data is in an Azure SQL DB and I reach it via a WCF service. Now it's time to protect data back and forth regardless of https implementation, so I tried hard to find an encryption mechanism supported on both worlds in such a way that I encrypt stuff in the device and decrypt it in Azure DB and the other way around. Since I could not find it, I went ahead and developed an encryption mechanism based on the timestamp plus some partial scrambling, but would appreciate it if I could employ a real industry standard encryption scheme. It would benefit the product in many ways, really... So, has any of you guys been in this scenario, and if so, how did you proceed? Does this make sense to you?
Thanks very much.
-- Emilio
The industry standard for encrypting data is AES (Advanced Encryption Standard), notice the word: Standard.
I am working on a project that just scrapes data from 3 devices (2xserial and 1xssh). I have this part implemented no problem.
I am now heading towards the second part where I need to be able to send the data I need using protobuf to the client's computer where they will receive and display on their own client.
The customer has provided examples of their GRPC servers, and it's written in C#.
Currently, for security reasons, our system uses RedHat 8.3 and I am using an SSH protocol library called Paramiko for the SSH part. Paramiko is a Python library. Also the machine I am extracting data from only runs on Linux.
Here are my main questions, and I apologize if I got nowhere.
1.) The developer from the client side provided us with a VM that has a simulator and examples written in C# since their side was written in C#. He says that it's best to use the C# because all examples can be almost re-used as it's all written, etc. While I know it's possible to use C# in Linux these days, I still have no experience doing so, so I don't know how complicated/tedious this can get.
2.) I write code in C# and wrap all the python code, which is also something I've never done, but I would be doing this all in RedHat.
3.) I keep it in python because sending protobuf messages works across languages as long as it is sent properly. Also from the client side, I'm not sure if they will need to make adjustments if receiving protobuf messages written in Python (I don't think this is the case because it's just serialized messages, yea?).
Any advice would be appreciated. I am looking to seek more knowledge outside my realm.
Cheers,
Z
If you're happy in Python, I would use option 3. The key thing is to either obtain their .proto schema, or if they've used code-first C# for their server: reverse-engineer the schema (or use tools that generate the schema from code). If you only have C# and don't know how to infer a .proto from that, I can probably help.
That said: if you want to learn some new bits, option 1 (using C# in your system) is also very viable.
IMO option 2 is the worst of all worlds.
Hello Python friends, I am developing a commercial application in python that backs up databases, directory synchronization, finally ...
I need to implement a bandwidth limit feature.
For example the user defines that the software cannot exceed 40kbps for upload.
I know there is a way to do it because the Dropbox client is written in python and has this functionality.
I searched the net for how to implement this in other languages, and I even found an example using lib Twisted, but it doesn't fit my case, because data can be configured to send to multiple clouds: AWS, Google Cloud, FTP, Google Drive, and more.
The only solution left for me was to hook the Windows API, specifically the WinSock API, to intercept system calls to send, recv and similar functions and implement my own bandwidth limiter, but this is going to be so complicated to implement.
Does anyone have any ideas how to help me?
After a little research I found this question, Adjust speed of Socket, maybe Dropbox uses that... I tried it and it works like a charm, but as I said, this does not fit my case, because I send to multiple clouds. Is hooking the Windows API the only solution, or does anyone have another idea?
;)
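One way to cap upload rate without hooking WinSock, as an added example that is not part of the original post: a token-bucket wrapper around the file-like object handed to each upload call, so the same limiter applies whichever destination is configured. `ThrottledReader`, `FakeClock` and `simulate` are hypothetical names, the upload call is assumed to accept a file-like object, and 5000 bytes/s assumes the post's 40kbps means 40 kilobits per second.

```python
import io
import time

class ThrottledReader:
    """File-like wrapper whose read() is paced by a token bucket (bytes/second)."""
    def __init__(self, raw, rate, burst=None, clock=time.monotonic, sleep=time.sleep):
        self.raw = raw
        self.rate = float(rate)                  # sustained bytes per second
        self.capacity = float(burst or rate)     # largest allowed burst, in bytes
        self.tokens = self.capacity
        self.clock, self.sleep = clock, sleep
        self.last = clock()

    def _refill(self):
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def read(self, size=-1):
        # Cap each read at the bucket size so one call cannot exceed the burst.
        if size is None or size < 0 or size > self.capacity:
            size = int(self.capacity)
        self._refill()
        data = self.raw.read(size)
        self.tokens -= len(data)                 # charge only what was read
        if self.tokens < 0:                      # in debt: wait before releasing data
            self.sleep(-self.tokens / self.rate)
        return data

class FakeClock:
    """Deterministic clock so the pacing can be checked without real waiting."""
    def __init__(self):
        self.now = 0.0
    def time(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

def simulate(total_bytes, rate, chunk):
    # Constructed payload; a real caller passes each block to its upload API.
    clk = FakeClock()
    reader = ThrottledReader(io.BytesIO(b"x" * total_bytes), rate,
                             clock=clk.time, sleep=clk.sleep)
    sent = 0
    while block := reader.read(chunk):
        sent += len(block)
    return sent, clk.now

if __name__ == "__main__":
    print(simulate(20000, 5000, 1000))   # (bytes sent, simulated seconds)
```

With the default clock and sleep, the wrapper blocks the calling thread, so each upload stream needs its own reader or a shared bucket guarded by a lock.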
I want to create my own safe connection for a VOIP app.
Now I am looking into key exchange which seems to be much more tricky than encrypting/decrypting.
Are there any better approaches than Diffie-Hellman in practice?
I understand the concept of Diffie-Hellman but I think it needs the right values to be safe since with natural numbers it could easily be guessed. How can I get those values using python, what are they and is it really safe from key guessing?
Please help me with some background information / inspiration.
Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses numbers raised to specific powers to produce decryption keys on the basis of components that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming.
The most serious limitation of Diffie-Hellman in its basic or "pure" form is the lack of authentication. Communications using Diffie-Hellman all by itself are vulnerable to man in the middle attacks. Ideally, Diffie-Hellman should be used in conjunction with a recognized authentication method such as digital signatures to verify the identities of the users over the public communications medium.
DH is fine for this purpose, just make sure to use 2048 bit keys or more.
However for VoIP the standards are TLS with SRTP/zrtp so it would be better if you would implement these. With DH you lose compatibility and will introduce a lot of complications. Also note that DH is only for key exchange, so you will need something also for the encryption itself. With TLS you could handle all these in one step by using a well-known implementation instead of writing your own encryption stack from scratch.
Diffie-Hellman is a key exchange algorithm, so anyone can access your public parameters. You can use it safely unless the private parameters are disclosed. It is very important to create the shared key safely. If you want a more secure system, try forward secrecy.
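The answers above say plain DH needs an authentication step on top. An added example (not from any of the posts) that binds each public value to its sender and shows that a range check alone does not notice a substituted value. It swaps in an HMAC under a pre-shared key for the digital signatures mentioned above, because the Python standard library has no signature primitive, and it uses a toy 127-bit group where the answers call for 2048 bits or more; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy group, illustration only: 2**127 - 1 is prime but far too small and not a
# safe prime. Real deployments take a standardized 2048-bit+ group from a library.
P = 2**127 - 1
G = 3
NBYTES = (P.bit_length() + 7) // 8

def keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # The range check rejects the degenerate values 0, 1 and P-1. It cannot
    # tell whose public value this is.
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid DH public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()

def tag(auth_key, sender, pub):
    # Binds a public value to the sender's name under a long-term key.
    msg = sender.encode() + b"|" + pub.to_bytes(NBYTES, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def verify(auth_key, sender, pub, mac):
    return hmac.compare_digest(tag(auth_key, sender, pub), mac)

def demo():
    auth_key = secrets.token_bytes(32)           # constructed pre-shared key
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    a_mac = tag(auth_key, "alice", a_pub)

    honest = (verify(auth_key, "alice", a_pub, a_mac)
              and session_key(a_priv, b_pub) == session_key(b_priv, a_pub))

    # A party in the path replaces alice's public value with its own.
    m_priv, m_pub = keypair()
    # Unauthenticated: bob derives a key that the intermediary also holds.
    unauth_shared = session_key(b_priv, m_pub) == session_key(m_priv, b_pub)
    # Authenticated: the swapped value fails verification and is dropped.
    detected = not verify(auth_key, "alice", m_pub, a_mac)
    return honest, unauth_shared, detected

if __name__ == "__main__":
    print(demo())
```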
I can't seem to find a reliable asymmetric encryption solution to secure data between a python based server application and a client over an open data channel.
I need some way for my client to prevent a man in the middle attack over an open data channel, my current exchange has me sending my clients a token they use to verify they are talking to my server application by checking the token is valid with a php script on my site.
This is far from ideal and could easily be compromised by waiting to be sent the token and passing it off to another user.
I have tried as3crypto's rsa encryption but it is an old implementation that is not supported by many libraries as well as having a known vulnerability.
I would really like a solution that lets me hard code public/private keys into both the client and server to prevent something like this from happening.
Since decompiling swf content is not a major problem for experienced hackers, I would strongly advise against hardcoding keys. Have you thought about using SSL at all?
Hardcoding the public keys won't help you, if someone really plans an attack, because the SWF itself is transferred over an unsafe channel, thus the keys can be exchanged just as if they were transmitted individually.
There is basically nothing you can do to prevent man in the middle attacks, you can only make them harder. I think HTTPS is about the best you can get and it's also a fairly easy solution.
After doing some research I have decided to code the part of rsa I need from scratch.
I found some python code that will generate raw integer keys of any length and looked up how the rsa algorithm works.
T^P = X (mod R) to encrypt
X^Q = T (mod R) to decrypt
Where T is the starting data, X is the ending data, P is the public half of the key, Q is the private half of the key, and R is the shared part of the key (all integers).
Data will have a nonce whenever possible to prevent replay attacks and the message as a whole will be converted to a long integer to prevent traditional bit by bit cryptanalysis.
I'm building a website where I hook people up so that they can anonymously vent to strangers. You either choose to be a listener, or a talker, and then you get catapulted into a one-on-one chat room.
The reason for the app's construction is because you often can't vent to friends, because your deepest vulnerabilities can often be leveraged against you later on. (Like it or not, this is a part of human nature. Sad.)
I'm looking for some insight into how I should architect everything. I found this neat tutorial, http://giantflyingsaucer.com/blog/?p=875, which suggests using python & stackless + flash. Someone else suggested I should try using p2p sockets, but I don't even know where to begin to look for info on that.
Any other suggestions? I'd like to keep it simple. :^)
Unless you expect super high load, this is simple enough that it doesn't really matter what you use on the backend: just pick something you're comfortable with. PHP, Python, Ruby, even a bash script using CGI - your skill level with the language is likely to make more difference than the language features themselves.
I would use an XMPP server like ejabberd or OpenFire to power the backend. XMPP contains everything you need for creating chat/real-time applications. You can use a Flex/Flash Actionscript library like Actionscript 3 XIFF to communicate with the XMPP server.
Flash is user-unfriendly for UI (forms, etc) and it is relatively easy to do what you want using HTML and Javascript on the front-end.
One possible approach for reading the messages would be to regularly do an Ajax request from the server for any new messages. Format the new message and insert it into the DOM.
You will probably need to answer at least these questions before you continue, though:
1) Are you recreating IRC (everyone sees your posts), or is this a random one-to-one chat, like chatroulette?
1a) Is this a way for a specific person to talk to another specific person, or is this more like twitter?
2) What is your plan for scaling up if this idea takes off? Memcached should probably be a method of last-resort ("bandaid over a bullet-hole"). What's your roadmap for eventually handling a large volume of messages?
3) Is there any way to ignore users? Talk to certain users? Hide your rants from users?
Hey Zach, I had to create a socket server for a flash game I made. I built my server in C#, but I would use whatever language you're familiar with. If you let me know what you're most comfortable with I could try to help find a good tutorial.
The one thing I spent many hours on was getting flash to work from a website with a socket server. With the newer versions of Flash you need to send back a policy file. In my case this needed to be the first chunk of data sent back to the client when they connected to the socket server.
Not sure what to tell you about structuring the back end. I need to know a little bit more about your programming experience. I had an array of all user connections, and was placing them in different "Rooms" so they could play each other. So just some simple arrays and understanding how to send messages to the clients would help you here.
If you have any familiarity with C# I would have no problem sending you the source code for my socket server.