
A student project on cryptography featuring a secure password storage.


GuillaumeDorschner/ESILV-Cryptography-S8-1


Project CryptoGraphie - 1

Guillaume Dorschner & Jules Deleuse

A4 - CCC

Introduction

This project is an exploration of cryptographic principles and their application to securing user data. It is split into two parts: this repository covers secure password storage, and a second part covers Password-Authenticated Key Exchange (PAKE) (see here). Together they demonstrate robust security practices in application development.

Project Implementation

Requirement for the implementation: password storage. Think about it as if you are building an application that has a user system (username and password) and you need to store the password securely. You should implement your solution, taking into account all the attack scenarios we have discussed. Basically, the grade will be scored according to how secure your implementation is. The implementation needs to be runnable, where I can enter my username and password for registration and logging in (the interface can be a web app, a terminal, etc.).

If you are using any cryptographic encryption implementation, you need to use the Google Tink library (except for the hash functions). Implementations using other libraries do not count.

Getting Started

Installation

Warning

To run the project locally in an easier-to-debug manner (the Flask app outside the container, the services inside), start the two parts in the order below. In the future, the whole project will be run with Docker Compose.

  1. Terminal 1, start the services (PostgreSQL):
     docker compose up
  2. Terminal 2, start the Flask application:
     flask run --host=0.0.0.0 --port=80

We use Docker to run the application for simplicity. You can install Docker from here.

  1. Install Docker on your computer.
  2. Download the release of the project.
  3. Rename example.env to .env and fill in the environment variables (database credentials and the Flask secret), then start the application:
     docker compose up

What we will be using

All the code is written in Python, and we use the following components:

```mermaid
graph LR
    Front[Flask Frontend] <--> Server
    Database[Postgres Database] <--> Server
    Server[Flask Backend] --> Postgres[PostgreSQL database]
    Server[Flask Backend] --> Flask-Login[Flask-Login]
    Server[Flask Backend] --> Argon2[Argon2]
    Server[Flask Backend] --> Tink[Google Tink]
```

Diagrams and Explanations

Example sequence diagram of the registration and login phases. The user (Alice) only ever sends the password to the server; the server stores a salted password hash, never the password itself, and issues a random session token after registration or a successful login.

```mermaid
sequenceDiagram
    participant U as User (Alice)
    participant S as Server (Bob)
    participant D as Database

    Note over U,S: Registration Phase
        U->>S: Hello, I want to sign up. I'm Alice with password "1234"
        S-->>S: Generate a random salt and hash the password with it
        S-->>D: Store: hashed password & salt
        S-->>S: Generate a session token
        S-->>D: Store: session token
        S-->>U: Welcome Alice | send the session token

    Note over U,S: Login Phase
        U->>S: Hello, I'm Alice with password "1234"
        S-->>D: Retrieve: hashed password & salt
        S-->>S: Hash the password with the retrieved salt
        S-->>S: Compare the hash with the stored one (constant-time)
        S-->>S: Generate a session token
        S-->>D: Store: session token
        S-->>U: Welcome Alice | send the session token
```
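The flow in the diagram above, as an added stand-alone example that is not the project's own code. The project hashes with Argon2; this example swaps in `hashlib.scrypt` from the Python standard library (also a memory-hard KDF) so it runs with no extra dependencies, and replaces PostgreSQL with in-memory dictionaries. The parameter values, the `users`/`sessions` tables and the dummy-hash trick for unknown usernames are assumptions of this example, not something the page specifies.

```python
"""Registration and login with a per-user salt, a memory-hard KDF,
constant-time comparison and random session tokens (added example)."""
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional

# Assumed KDF parameters (stand-in for the project's Argon2 settings):
# n=2**14, r=8 costs about 16 MiB of memory per hash.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32
SALT_LEN = 16  # 128-bit random salt per user

# In-memory stand-ins for the two database tables in the diagram.
users: Dict[str, Dict[str, bytes]] = {}     # username -> {"salt", "hash"}
sessions: Dict[str, str] = {}               # token -> username

# Salt used to run the KDF when the username does not exist, so that a
# failed login costs the same time whether or not the account is real
# (otherwise response time reveals which usernames are registered).
_DUMMY_SALT = os.urandom(SALT_LEN)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length hash from the password and its salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)


def new_session(username: str) -> str:
    """Issue an unguessable session token (256 bits from the OS CSPRNG).
    In the Flask app this would be the cookie handled by Flask-Login."""
    token = secrets.token_urlsafe(32)
    sessions[token] = username
    return token


def register(username: str, password: str) -> Optional[str]:
    """Registration phase: store salt + hash, never the password."""
    if username in users:
        return None
    salt = os.urandom(SALT_LEN)          # fresh salt for every account
    users[username] = {"salt": salt, "hash": hash_password(password, salt)}
    return new_session(username)


def login(username: str, password: str) -> Optional[str]:
    """Login phase: re-hash with the stored salt and compare in constant time."""
    record = users.get(username)
    if record is None:
        hash_password(password, _DUMMY_SALT)   # same cost as a real attempt
        return None
    candidate = hash_password(password, record["salt"])
    # hmac.compare_digest does not short-circuit on the first differing byte.
    if not hmac.compare_digest(candidate, record["hash"]):
        return None
    return new_session(username)


def whoami(token: str) -> Optional[str]:
    """Resolve a session token back to its user (None if unknown)."""
    return sessions.get(token)


if __name__ == "__main__":
    # Constructed sample run of the two phases from the diagram.
    print("register alice:", register("alice", "1234") is not None)
    print("login alice (good):", login("alice", "1234") is not None)
    print("login alice (bad):", login("alice", "wrong") is not None)
    print("login mallory:", login("mallory", "1234") is not None)
```

With Argon2 (for example the argon2-cffi `PasswordHasher`) the salt, parameters and hash are bundled into one encoded string, so a single column replaces the separate `salt` and `hash` fields here and `verify()` already compares in constant time; the dummy-verify on unknown usernames and the random session token are still needed either way.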