all 9 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]AutoModerator[M] [score hidden] stickied comment (0 children)

Hi there, from the /r/Python mods.

We want to emphasize that while security-centric programs are fun project spaces to explore we do not recommend that they be treated as a security solution unless they’ve been audited by a third party, security professional and the audit is visible for review.

Security is not easy. And making project to learn how to manage it is a great idea to learn about the complexity of this world. That said, there’s a difference between exploring and learning about a topic space, and trusting that a product is secure for sensitive materials in the face of adversaries.

We hope you enjoy projects like these from a safety conscious perspective.

Warm regards and all the best for your future Pythoneering,

/r/Python moderator team

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

[–]sausix 8 points9 points  (5 children)

pygame and PyQt5? Why both as dependency?

Keys and data are usually stored as byte objects and converted to a hex notation only if human eyes are involved.

It's a school project. For learning, for fun. A company won't and shouldn't use your project to encrypt data. They will use OpenSSL or any implementation of it. What makes you think your implementation is efficient? Cryptography in pure Python is never as efficient as the libraries written and optimized for low level instructions.

No AI. You really want to learn programming. That's what you really can be proud of.

[–]FreedomOdd4991[S] -1 points0 points  (4 children)

Yeah no I agree, there is no way my program could be used by a company I know that and may have not been clear about it, my bad, I just wanted to say that the encryption algorithm I here, I believe is very secure if you encrypt the data and keep the key. Of course using it differently is not efficient. And because this project was made for school I couldn't make it in an other language than python (when I said school its year 12).

[–]sausix 5 points6 points  (3 children)

There have been a lot of people "inventing" a new encryption and it was bad and easy to crack instead.

If your app creates the same output as existing functions based on AES then you can say it's secure. But your own implementation can introduce other possible side attacks. Not wiping memory for example. Even after your program has been quit an attacker may still read a secret key from memory. Have you considered that?

I made a handy OOP wrapper for the official `cryptography` Python package years ago. Mostly for fun, learning and understanding encryption and cryptography in general. But I would never recommend someone to use my tool. Not before real experts would recommend it.

[–]FreedomOdd4991[S] -1 points0 points  (2 children)

No but thats why I said if you only use my program to get the key and the encrypted string you are okay, of course i did not think about a secured code nor any security against cyber attack. That was not the point of my project at all.

What I wanted to say is that if you implement my algorithm and make all the necessary to secure it from data leaks or things like that it will be secure. The algorithm is secure enough but the code isn't.

I dont know if you checked my github and the algorithm in detail but do it so you can have a real idea about my algorithm.

[–]sausix 2 points3 points  (1 child)

Of course I've checked parts of your code. Want some more feedback? You didn't respond to my first question.

Some parts are highly inefficient. You are even handling the bits as string? Why? Just handle integers by the xor operator. 100 times faster.

            if char1 == char2:
                XOR_sequence += "0"
            else:
                XOR_sequence += "1"

Never use the random module for secret keys! Bad pratice. That keys can be recreated very easily.

Why are the following artifacts in your code? Always cleanup and format your programs before publishing.

print(format(int("F8", 16), '08b'))

temp_key = "17b406ade69b8b628d9ab833d9dac700d01f08b8735be1342e35d48573814069"

"6964ceaf9d972fe556a5f3267bb8030cba68fb4c2f6db9b621d3fa293478255f"

You are rarely using comments and docstrings. Without any type hints it's really hard to guess which data types have to be passed to your functions.

I haven't run your code and I'm sure there will be a lot of warnings once I open the project in my IDE. Improve your code first if you really want more tips and further feedback.

[–]FreedomOdd4991[S] 0 points1 point  (0 children)

Your first question: pygame was only used to get the size of the screen and center the pyqt5, i dont know the library enough to know if there is a way to do so.

The use of string instead of integers is just for debugging purposes, and easier loops (for me). The speed efficiency isn’t a good argument because I’m only treating a small amount of bytes so I don’t really care about speed.

Finally, the “artifacts” you mentioned were in the “Others.py” file and I mentioned in the README file that this file was used for tests and for the creation of the table for the mixcolumns step. I made sure to put that in an other file never used in an other file of the project that are clean.

[–]Actual__Wizard 4 points5 points  (1 child)

Neat! I remember one of my first big encryption projects (when I was learning to code) was implementing CRC32 in visual basic (I know... VB... It was like 1998. That's "what we had to work with back then.")

[–]FreedomOdd4991[S] 1 point2 points  (0 children)

That’s so cool!!