crypto

gratipay.security.crypto.get_random_string(length=12, allowed_chars=u'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')

Returns a securely generated random string.

The default length of 12 with the a-z, A-Z, 0-9 character set yields about 71 bits of entropy: log_2((26+26+10)^12) ≈ 71 bits.

gratipay.security.crypto.constant_time_compare(val1, val2)

Returns True if the two strings are equal, False otherwise.

The time taken is independent of the number of characters that match. https://codahale.com/a-lesson-in-timing-attacks/

class gratipay.security.crypto.EncryptingPacker(key, *old_keys)

Implements conversion of Python objects to and from encrypted bytestrings.

Parameters:
  • key (str) – a Fernet key to use for encryption and decryption
  • old_keys (list) – additional Fernet keys to use for decryption

Note

Encrypted messages contain the timestamp at which they were generated in plaintext. See our audit for discussion of this and other considerations with Fernet.

pack(obj)

Given a JSON-serializable object, return a Fernet token.

unpack(token)

Given a Fernet token with JSON in the ciphertext, return a Python object.
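An added example, not gratipay's own code: it re-creates the pack/unpack and key-rotation behaviour described above on top of the `cryptography` package's Fernet and MultiFernet (assumed to be installed), and reads the plaintext timestamp mentioned in the note straight out of a token without any key.

```python
import base64
import json
import struct
import time
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


class EncryptingPacker(object):
    """Illustrative re-creation of the packer, not gratipay's code.

    `key` encrypts and decrypts; `old_keys` only decrypt, so tokens issued
    under a retired key stay readable while that key is rotated out.
    """

    def __init__(self, key, *old_keys):
        self.fernet = MultiFernet([Fernet(k) for k in (key,) + old_keys])

    def pack(self, obj):
        return self.fernet.encrypt(json.dumps(obj).encode("utf8"))

    def unpack(self, token):
        return json.loads(self.fernet.decrypt(token).decode("utf8"))


def token_timestamp(token):
    """Read the issue time a Fernet token carries in the clear (no key needed).

    Token layout: 0x80 version byte, 8-byte big-endian Unix timestamp, IV,
    ciphertext, HMAC. Only the first 9 bytes are inspected here.
    """
    raw = base64.urlsafe_b64decode(token)
    if raw[0:1] != b"\x80":
        raise ValueError("not a Fernet token")
    return struct.unpack(">Q", raw[1:9])[0]


def rotation_demo():
    """Rotate old_key -> new_key; return (unpacked obj, dropped-key check, age)."""
    old_key, new_key = Fernet.generate_key(), Fernet.generate_key()
    token = EncryptingPacker(old_key).pack({"user": "alice", "scope": ["read"]})
    after = EncryptingPacker(new_key, old_key)   # old_key kept for decryption only
    still_readable = after.unpack(token)
    try:                                          # drop old_key entirely...
        EncryptingPacker(new_key).unpack(token)
        rejected = False
    except InvalidToken:                          # ...and its tokens stop verifying
        rejected = True
    age_seconds = time.time() - token_timestamp(token)   # readable without a key
    return still_readable, rejected, age_seconds
```

Because the timestamp is in the clear, anyone holding a token can tell when it was issued even though the JSON payload stays encrypted.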