## Securing Data & Passwords In Python
### Data Protection
+ Data protection is the process of safeguarding important information from corruption, compromise or loss.
+ Data protection is defined as “legal control over access to and use of data”.
+ GDPR defines it as “the protection of natural persons with regard to the processing of personal data”.

    - Data Safeguarding : data is safe and secure
    - Data Availability: data is available for usage
    - Data Management: movement/portability,protecting and cataloging and analysis of data
    - Data Storage: Storing data either via primary storage, backups(secondary storage) and archiving
    
### Data Security 
+ Data security is the process of securing data so that only authorized people can access or modify it.   
+ It is a form of data protection against attacks,hacks,etc
    - Identification: who are you
    - Authentication: do you have access to the system/data/confirming identity of user
    - Authorization: what are you allowed or permitted to do
    - Accounting: record of what you did
    - Auditing: tracing every activity related to one granted access
      

#### Data Security
![](securing_data_jcharistech.png)

### Encoding vs Hashing vs Encryption

![](password_hashing_vs_encryption_jcharistech.png)

#### Encoding
+ Transforming data from one form to another form that can be used safely in a different system
+ Uses a schema but not a private secret key
+ Ensures data integrity


#### Hashing
+ Transforming a data/strings into a fixed sized form that cannot be reversed back
+ Plaintext to Hashed Text
+ Uses a hash function/algorithm only
+ One Way Functional Approach
    - MD5
    - Secure Hash Algorithm (SHA)
    - Blake2
+ Usefulness of Hashing
    - Password hashing/storage
    - Digital Signatures/Certificates
    - Checking for file integrity
    


#### Encryption
+ Transforming plaintext data into a ciphertext that can only be read as plaintext if the user has the secret
key
+ Plaintext to Ciphertext
+ Two Way Functional Approach
+ Uses a private/public key to transform our plaintext
+ Uses a key + an algorithm for the process
    - Symmetric Algorithm
    - Asymmetric Algorithm
    - RSA 
    - AES


#### Encoding Libraries
+ base64
+ unicode

####  Hashing Libraries
+ hashlib
+ passlib
+ bcrypt

#### Encryption Libraries
+ cryptography
+ pycrypto

In [1]:
#### Hashing
import hashlib

In [2]:
dir(hashlib)

['__all__',
 '__builtin_constructor_cache',
 '__builtins__',
 '__cached__',
 '__doc__',
 '__file__',
 '__get_builtin_constructor',
 '__loader__',
 '__name__',
 '__package__',
 '__spec__',
 '_hashlib',
 'algorithms_available',
 'algorithms_guaranteed',
 'blake2b',
 'blake2s',
 'md5',
 'new',
 'pbkdf2_hmac',
 'scrypt',
 'sha1',
 'sha224',
 'sha256',
 'sha384',
 'sha3_224',
 'sha3_256',
 'sha3_384',
 'sha3_512',
 'sha512',
 'shake_128',
 'shake_256']

In [3]:
plain_text = "This is secret"

In [4]:
hash(plain_text)

6404514682537372306

In [5]:
# Using Hashlib to Hash A File/Text
hashed_text = hashlib.md5(str.encode(plain_text)).hexdigest()

In [6]:
hashed_text

'878fb5dca64180338f690e61b16ff826'

In [7]:
# Using Hashlib to Hash A File/Text
hashed_text_02 = hashlib.md5(b'This is secret').hexdigest()

In [8]:
print(hashed_text)
print(hashed_text_02)

878fb5dca64180338f690e61b16ff826
878fb5dca64180338f690e61b16ff826


In [None]:
# Rainbow cracking (list of words + hash fxn)

In [9]:
# Using SHA2
hashed_text_03 = hashlib.sha256(b'This is secret').hexdigest()

In [10]:
hashed_text_03

'c231bfc93a4f4e57823d04ce8ec9a7ee5d992a76feaed2f881f20cf7e1b111d7'

In [11]:
# Using SHA2
hashed_text_03_long = hashlib.sha256(b'This is secret key').hexdigest()

In [12]:
hashed_text_03_long

'4a7d8d9801f18229ce9ba8970e4b88e83d981a8b363ab8641ca1234238ab3892'

In [13]:
print(len(hashed_text_03))
print(len(hashed_text_03_long))

64
64


### BCRYPT
+ pip install bcrypt
+ Unicode-objects must be encoded before hashing
+ bcrypt automatically generate a salt and stores it with the hashed result
    - {salt}{hashed_text}
    - useful for matching plain text against hashed text stored in database for login
    
+ rounds/ work-factor: the amount of time and resources required to break the system or process

In [14]:
import bcrypt

In [15]:
# Attributes and Methods
dir(bcrypt)

['__about__',
 '__all__',
 '__author__',
 '__builtins__',
 '__cached__',
 '__copyright__',
 '__doc__',
 '__email__',
 '__file__',
 '__license__',
 '__loader__',
 '__name__',
 '__package__',
 '__path__',
 '__spec__',
 '__summary__',
 '__title__',
 '__uri__',
 '__version__',
 '_bcrypt',
 '_bcrypt_assert',
 '_normalize_re',
 'absolute_import',
 'checkpw',
 'division',
 'gensalt',
 'hashpw',
 'kdf',
 'os',
 're',
 'six',

In [16]:
plain_text

'This is secret'

In [17]:
hashed_text_with_bcrypt = bcrypt.hashpw(str.encode(plain_text),bcrypt.gensalt())

In [18]:
hashed_text_with_bcrypt_bcrypt

b'$2b$12$mZe9dVvlUfPyK1STZ2ZP6e.53hpQfYIUojeSN4rCy.p.u0WK3yNtO'

In [19]:
# Check/Verify the hash
plain_text

'This is secret'

In [21]:
bcrypt.checkpw(b'This is secret',hashed_text_with_bcrypt)

True

In [23]:
# Setting our WorkFactor/Round
bcrypt.hashpw(b'This is secret',bcrypt.gensalt(rounds=14))

b'$2b$14$qsM/bEno49Y4qdNMZG6n7eYq0QSCH.ZweeOlfws2ckAB.0HnrM9zW'

In [24]:
%%timeit
bcrypt.hashpw(b'This is secret',bcrypt.gensalt())

1e+03 ms ± 158 ms per loop (mean ± std. dev. of 7 runs, 1 loop each)


%%timeit
bcrypt.hashpw(b'This is secret',bcrypt.gensalt(rounds=14))

In [26]:
bcrypt.hashpw(b'This is secret',bcrypt.gensalt())

b'$2b$12$G2dXPFvi4l0l3HEFgdXVn.dvF4QrTUde6m/jQFotV30jI6wugmvkG'

In [27]:
hashed_text_with_bcrypt

b'$2b$12$mZe9dVvlUfPyK1STZ2ZP6e.53hpQfYIUojeSN4rCy.p.u0WK3yNtO'

In [28]:
### Passlib

In [31]:
import passlib.hash

In [32]:
dir(passlib.hash)

['__class__',
 '__delattr__',
 '__dict__',
 '__dir__',
 '__doc__',
 '__eq__',
 '__format__',
 '__ge__',
 '__getattr__',
 '__getattribute__',
 '__gt__',
 '__hash__',
 '__init__',
 '__init_subclass__',
 '__le__',
 '__lt__',
 '__module__',
 '__name__',
 '__ne__',
 '__new__',
 '__package__',
 '__reduce__',
 '__reduce_ex__',
 '__repr__',
 '__setattr__',
 '__sizeof__',
 '__str__',
 '__subclasshook__',
 '__weakref__',
 'apr_md5_crypt',
 'argon2',
 'atlassian_pbkdf2_sha1',
 'bcrypt',
 'bcrypt_sha256',
 'bigcrypt',
 'bsd_nthash',
 'bsdi_crypt',
 'cisco_asa',
 'cisco_pix',
 'cisco_type7',
 'crypt16',
 'cta_pbkdf2_sha1',
 'des_crypt',
 'django_argon2',
 'django_bcrypt',
 'django_bcrypt_sha256',
 'django_des_crypt',
 'django_disabled',
 'django_pbkdf2_sha1',
 'django_pbkdf2_sha256',
 'django_salted_md5',
 'django_salted_sha1',
 'dlitz_pbkdf2_sha1',
 'fshp',
 'grub_pbkdf2_sha512',
 'hex_md4',
 'hex_md5',
 'hex_sha1',
 'hex_sha256',
 'hex_sha512',
 'htdigest',
 'ldap_bcrypt',
 'ldap_bsdi_crypt',
 'l

In [33]:
plain_text

'This is secret'

In [35]:
from passlib.hash import sha256_crypt, md5_crypt

In [40]:
# Using Sha256
hashed_text_with_p = md5_crypt.hash(plain_text)

In [41]:
hashed_text_with_p

'$1$Sf4WEPYc$M89s4tdJlPSSB7tCoSH4Z1'

In [38]:
md5_crypt.hash(plain_text)

'$1$rjHEWtah$lONmccrllJVzO3yVkPbgT0'

In [42]:
hashed_text_with_p_2 = sha256_crypt.hash(plain_text)

In [43]:
print("Hashlib",hashed_text)
print("passlib",hashed_text_with_p)

Hashlib 878fb5dca64180338f690e61b16ff826
passlib $1$Sf4WEPYc$M89s4tdJlPSSB7tCoSH4Z1


In [44]:
# Verify the hashed text
md5_crypt.verify('This is secret',hashed_text_with_p)

True

In [45]:
#Salt
s1 = sha256_crypt.using(salt='ef').hash(plain_text)

In [46]:
s1

'$5$rounds=535000$ef$XAUPMA/nvWdc8JidD3lAOS37u5rti2jCR.4yyLrAJL5'

In [None]:
### Encryption
# 2 Way fxn
# pl to ct

In [47]:
plain_text

'This is secret'

In [48]:
import cryptography

In [49]:
dir(cryptography)

['__about__',
 '__all__',
 '__author__',
 '__builtins__',
 '__cached__',
 '__copyright__',
 '__doc__',
 '__email__',
 '__file__',
 '__license__',
 '__loader__',
 '__name__',
 '__package__',
 '__path__',
 '__spec__',
 '__summary__',
 '__title__',
 '__uri__',
 '__version__',
 'absolute_import',
 'division',
 'print_function',
 'sys',

In [51]:
# Symmetric Algo
from cryptography.fernet import Fernet

In [52]:
dir(Fernet)

['__class__',
 '__delattr__',
 '__dict__',
 '__dir__',
 '__doc__',
 '__eq__',
 '__format__',
 '__ge__',
 '__getattribute__',
 '__gt__',
 '__hash__',
 '__init__',
 '__init_subclass__',
 '__le__',
 '__lt__',
 '__module__',
 '__ne__',
 '__new__',
 '__reduce__',
 '__reduce_ex__',
 '__repr__',
 '__setattr__',
 '__sizeof__',
 '__str__',
 '__subclasshook__',
 '__weakref__',
 '_encrypt_from_parts',
 'decrypt',
 'encrypt',
 'generate_key']

In [53]:
# Key + Algo ==> encrypt
secret_key = Fernet.generate_key()

In [56]:
secret_key

b'DzeIPH8sLYnMketQ3rMUbLxLdmuMVwBy0PstDiebPfU='

In [None]:
#DzeIPH8sLYnMketQ3rMUbLxLdmuMVwBy0PstDiebPfU=

In [65]:
file = open('secret_file.key','wb')
file.write(secret_key)
file.close()

In [57]:
# Encryption
f = Fernet(secret_key)

In [58]:
my_text = f.encrypt(str.encode(plain_text))

In [59]:
my_text

b'gAAAAABe18pvoUEbRYdnMtPPnb_cAmNfEZByQT5esIDiPNQzGdnu0kOi9THrKRzaBoXW6-RupDcrUhKZIrSnhwkjOGX1gIsR9A=='

In [60]:
# Decryption
# First Method
f.decrypt(my_text)

b'This is secret'

In [75]:
# Method 2 
key_file = open('secret_file.key','rb')
key = key_file.read()
key_file.close()

In [76]:
new_f = Fernet(key)

In [77]:
new_f.decrypt(my_text)

b'This is secret'

In [78]:
# Encoding
'this is secret'.encode('ASCII')

b'this is secret'

In [79]:
import base64
# 26 Upper
# 26 Lower
# 10

In [81]:
base64.b64encode(b'this is a text')

b'dGhpcyBpcyBhIHRleHQ='

In [82]:
ex1 = base64.b64encode(b'this is a text')

In [83]:
# Decode
base64.b64decode(ex1)

b'this is a text'