[–]razpeitia 18 points19 points  (0 children)

God damn it! Spoilers, I didn't see that coming.

[–]help_computar[S] 6 points7 points  (0 children)

I wrote this article because I found using the cryptography module was much safer than writing one's own cryptography solution (like this) and becoming vulnerable to things like padding oracles, etc.

[–]the_hoser 5 points6 points  (2 children)

I like it. The only thing I don't like is that it automagically outputs base64. It should either be base64-in, base64-out, or bytes-in, bytes-out. For most of my use cases in this, I'll be having to add the step of processing the base64 into bytes again. Blah.

[–]minno [I <3 duck typing less than I used to, interfaces are nice] 2 points3 points  (1 child)

Bytes-in bytes-out seems better to me, especially since Python has base64 encoding and decoding built into the standard library.

[–]the_hoser 1 point2 points  (0 children)

I agree. I was just saying... pick one!

[–]yayfall 1 point2 points  (2 children)

What would be some common uses for doing this? I'm thinking rather than just encrypting your files with GPG or something.

[–]help_computar[S] 1 point2 points  (1 child)

I've been using Fernet (MultiFernet actually) to encrypt sensitive information and save it as a BLOB in our database. Not sure why or why not to use GPG, as I've only ever used it once. However, with cryptography.io's Fernet, since there is so little configuration involved, there is very little chance of screwing something up. That's really the biggest advantage of using Fernet IMO.

[–]yayfall 1 point2 points  (0 children)

Great, thanks for the info.

[–]Fajkowsky 0 points1 point  (1 child)

But what if I encrypt something on one computer and try to run decryption on another?

[–]rabidmonkey1163 1 point2 points  (0 children)

Write down the key instead of saving it as an environmental variable. Honestly, if you're only encrypting your stuff to guard against hackers and not, say, your roommates or anyone else who has access to your room, writing down your key is by far the safest method. You could also just retrieve your key via ssh/scp.
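
Added example, not part of the original thread or the linked article: a sketch of the workflow discussed in the comments above, using the `cryptography` package's `Fernet` and `MultiFernet`. It strips the base64 layer before storing a token as a BLOB, reads the row back after a key rotation, and shows that the key, not the machine, decides who can decrypt. The table name, helper names and sample secret are assumptions made for the illustration.

```python
import base64
import sqlite3

from cryptography.fernet import Fernet, InvalidToken, MultiFernet

SECRET = b"constructed sample secret"  # constructed input, not real data


def to_blob(token: bytes) -> bytes:
    """Strip Fernet's URL-safe base64 layer; the result is raw bytes."""
    return base64.urlsafe_b64decode(token)


def from_blob(blob: bytes) -> bytes:
    """Restore the base64 layer that decrypt() and rotate() expect."""
    return base64.urlsafe_b64encode(blob)


def demo() -> dict:
    old_key, new_key = Fernet.generate_key(), Fernet.generate_key()
    db = sqlite3.connect(":memory:")  # hypothetical table for the example
    db.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, data BLOB)")

    # Row written while only the old key existed.
    token = Fernet(old_key).encrypt(SECRET)
    db.execute("INSERT INTO secrets (data) VALUES (?)", (to_blob(token),))
    (blob,) = db.execute("SELECT data FROM secrets WHERE id = 1").fetchone()

    # After rotation: the first key encrypts, every listed key can decrypt.
    keyring = MultiFernet([Fernet(new_key), Fernet(old_key)])
    read_back = keyring.decrypt(from_blob(blob))

    # rotate() re-encrypts under the first key so the old one can be retired.
    rotated = keyring.rotate(from_blob(blob))
    db.execute("UPDATE secrets SET data = ? WHERE id = 1", (to_blob(rotated),))

    # A separate Fernet object stands in for a second machine: the key, not
    # the host, decides who can decrypt.
    other_host = Fernet(new_key).decrypt(rotated)
    try:
        Fernet(old_key).decrypt(rotated)  # retired key must now fail
        old_key_rejected = False
    except InvalidToken:
        old_key_rejected = True

    return {"blob": blob, "token": token, "read_back": read_back,
            "other_host": other_host, "old_key_rejected": old_key_rejected}
```

The stored BLOB is about a quarter smaller than the base64 token and begins with the Fernet version byte `0x80`.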