SimpleCrypt

From Dabo Wiki
Jump to: navigation, search

SimpleCrypt is pretty much what its name implies: a very simple tool for encrypting stuff. Technically, what we are doing is taking plaintext and turning it into ciphertext. SimpleCrypt is included with Dabo, and is the default tool for encrypting/decrypting passwords stored in connection files.

This is great for testing and development, but you should not use it in production environments. There are two main reasons:

  1. Anyone with a copy of Dabo could decrypt your password.
  2. It isn't portable between 32-bit and 64-bit python. See the trac ticket at http://trac.dabodev.com/ticket/1179 for more information.

Essentially, this makes what SimpleCrypt does more like "obscuring" your data, and not actually encrypting it.

A better choice to use for creating the encrypted ciphers is the The Python Cryptography Toolkit, otherwise known as PyCrypto. If this is installed on a system running a Dabo application, and you've set the encryption key, Dabo will use the DES algorithm in this library instead of the much weaker algorithm that SimpleCrypt uses.

The key is set by setting the value of dabo.cryptoKeyDES; this is typically done by including the line:

crytoKeyDES = "Some Text Value"

in your application's settings_override.py file, or by setting it early in your application. Be sure that it is set before the first call to dApp.encrypt() or dApp.decrypt().