Using the Python cryptography module with custom passwords

Posted on in Cryptography • Tagged with Cryptography, Programming, Uncategorized • 1 min read

Hey all

I recently discovered a quite cute crypto module for Python: cryptography. It is divided into two logical security layers. The first (Fernet) can be used by cryptography-unaware programmers in a way that makes it unlikely to introduce security flaws. The second layer (called Hazmat) gives access to all kinds of cryptographic primitives, such as HMACs and asymmetric encryption functions.

The Problem

Normally you don't want to use primitives directly, because it is tricky to get them right (even for advanced programmers). Unfortunately, the secure and simple Fernet API:

>>> from cryptography.fernet import Fernet
>>> key = Fernet.generate_key()
>>> f = Fernet(key)
>>> token = f.encrypt(b"my deep dark secret")
>>> token
b'...'
>>> f.decrypt(token)
b'my deep dark secret'

suffers from the huge inconvenience that you need to store (or imagine: remember!) a 32-byte key in order to decrypt the tokens that Fernet outputs.
It would be much more convenient to just pass a password to Fernet, which in turn derives a 32-byte, URL-safe Base64-encoded key from it. Of course your own
password is much less secure than 32 bytes from os.urandom(32), so the derivation should at least salt the password and run it through a deliberately slow key derivation function to make guessing expensive, but at least it is somewhat usable.
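One way to do what the paragraph describes, as an added example that is not the post's own code: stretch the password into the 32-byte, URL-safe Base64-encoded key that Fernet expects, using PBKDF2-HMAC-SHA256 from the standard library's hashlib. The cryptography package's Hazmat layer offers the same algorithm as PBKDF2HMAC; hashlib is used here so the derivation itself runs without the package installed, and the Fernet round trip imports the package only when called. The salt length, the iteration count, the salt-plus-token framing and the function names are assumptions of this example, not part of Fernet.

```python
import base64
import hashlib
import os

# Constructed parameters for this example (not from the original post):
# a 16-byte random salt and a deliberately slow PBKDF2 iteration count.
SALT_LEN = 16
ITERATIONS = 600_000
KEY_LEN = 32  # Fernet needs exactly 32 raw key bytes (16 signing + 16 AES)


def derive_fernet_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into a Fernet-compatible key.

    Fernet accepts a 32-byte key encoded with URL-safe Base64 (44 characters),
    which is exactly the shape Fernet.generate_key() produces from os.urandom(32).
    Here the 32 bytes come from PBKDF2-HMAC-SHA256 over the password instead,
    so the same password and salt always yield the same key.
    """
    if len(salt) < SALT_LEN:
        raise ValueError("salt must be at least %d random bytes" % SALT_LEN)
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN)
    return base64.urlsafe_b64encode(raw)


def new_salt() -> bytes:
    """Fresh random salt; it is not secret, but it must be stored next to the token."""
    return os.urandom(SALT_LEN)


def encrypt_with_password(password: str, plaintext: bytes) -> bytes:
    """Encrypt with Fernet under a password-derived key.

    The returned blob is salt || fernet_token (a framing chosen for this
    example), so the salt travels with the ciphertext and decryption only
    needs the password.  Requires the 'cryptography' package, imported lazily
    so the key derivation above stays usable without it.
    """
    from cryptography.fernet import Fernet  # third-party, imported on demand

    salt = new_salt()
    token = Fernet(derive_fernet_key(password, salt)).encrypt(plaintext)
    return salt + token


def decrypt_with_password(password: str, blob: bytes) -> bytes:
    """Inverse of encrypt_with_password; a wrong password raises InvalidToken."""
    from cryptography.fernet import Fernet

    salt, token = blob[:SALT_LEN], blob[SALT_LEN:]
    return Fernet(derive_fernet_key(password, salt)).decrypt(token)


if __name__ == "__main__":
    key = derive_fernet_key("correct horse battery staple", new_salt())
    print(key)  # 44 URL-safe Base64 characters, same shape as Fernet.generate_key()
    try:
        blob = encrypt_with_password("correct horse battery staple", b"my deep dark secret")
        print(decrypt_with_password("correct horse battery staple", blob))
    except ImportError:
        print("install the 'cryptography' package to run the Fernet round trip")
```

The salt is not secret, but without it the key cannot be recomputed, so it has to be stored alongside the ciphertext (here, prepended to the token). The slow derivation only raises the cost of each guess; a short password stays far weaker than Fernet.generate_key(), and a wrong password surfaces as cryptography.fernet.InvalidToken from decrypt_with_password.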

So I came up with …


Continue reading

Beautiful, beautiful python

Posted on in Uncategorized • Tagged with Uncategorized • 1 min read

Hey

After a day of programming I went home to program a little bit more, trying to find a way to implement some tests for my GoogleScraper project, which had lacked focus for a long time. I needed some test data, in my case some words to search for with the above-mentioned scraper, and once more I realized how powerful Python (or any programming language) is. This silly little code comes in handy if you need some random words for testing purposes:

import re
import requests

def random_words(n=50, wordlength=range(10, 15)):
   """Read a random English Wikipedia article and extract some words.

   Arguments:
   n -- The number of words to return. Returns all found ones if n is more than we were able to find.
   Keyword arguments:
   wordlength -- A range that forces the words to have a specific length
                 (the range's stop is exclusive, as usual for Python ranges).
   """
   # \b restricts matches to whole words; without it a 9-letter word would also
   # yield a 5-letter prefix. The raw HTML still contributes tag and attribute names.
   valid_words = re.compile(r'\b[a-zA-Z]{{{},{}}}\b'.format(wordlength.start, wordlength.stop - 1))
   html = requests.get('https://en.wikipedia.org/wiki/Special:Random', timeout=10).text
   # set() drops duplicates; slicing never raises, so no IndexError handling is needed
   found = list(set(valid_words.findall(html)))
   return found[:n]

print(random_words(200, range(5, 6)))
print(random_words(77, range(16, 26)))

Lichess.org chess bot!

Posted on in Uncategorized • Tagged with Uncategorized, Programming, Chess • 4 min read

22.05.2014: Updated the bot, should work better now

Hi everyone!

I was in a coding mood during Easter and decided to write a small chess bot with Selenium and the Stockfish engine to cheat a bit on lichess.org.

I think the code is pretty self explanatory and I won't discuss it in depth here. You can tweak the config, the comments should explain what the parameters do.

The config is at the beginning of the code, so modify it there. You should change it to use your own username and password (and keep that file out of version control). Make sure that you download and install Stockfish, then supply the correct path in the 'stockfish_binary' parameter.

As always: Have fun!

Some open issues:

  • Sometimes the last move fails because the bot wants to start a new game before it can checkmate
  • Promotion doesn't work yet :/

Here is the code:

__author__ = 'nikolai'
__date__ = 'Easter 2014'

config = {
    'username' : 'probably_a_spider', # the login username
    'password' : 'somepwd', # the login password
    'stockfish_binary' : '/home/nikolai/PycharmProjects/LichessBot/stockfish-dd-src/src/stockfish', # the path to your local stockfish binary
    'pwn_forever' : True, # set to True if the bot should play endlessly
    'min_per_side' : 1, # how long each player may play …

Continue reading

The dangers of a poorly planned project

Posted on in Philosophical • Tagged with Architecture, Captcha, Philosophical, Programming, Php, Uncategorized, Wordpress • 9 min read

Preface

Do you like to fiddle around with programming projects in your spare time? And do you sometimes start endeavors ambitiously, but you never actually finish them? Are you fucking tired of stacking unsuccessful projects, doing mediocre work while never being thoroughly satisfied in what you do?

If yes, you may be inclined to listen to some words I have to say about my most recent failed project:

The idea was to create my own little captcha plugin for wordpress. You can learn more about the idea by delving into some of my accompanying investigations in the following blog posts:

Honestly, I started this project because back then I was using this plugin and I was unsatisfied with it for these reasons. This context hopefully points out some of my motivations for starting the project in the first place.

The destiny of every badly planned project

As with many spontaneously started projects I came up with in the past, I was at first convinced that it was an awesome idea and subsequently started programming head-first without having a clear path or …


Continue reading

Major Redesign of incolumitas.com

Posted on in Learning • Tagged with Themeprojectsnewredesigncsshtml, Meta, Learning, Uncategorized • 2 min read

Hello everybody!

I finally found some motivation and time to give my blog a design upgrade, basically an endeavour that has been overdue since this blog first saw the light of day ;)

On the technical side, this theme is a complete redevelopment. It is not finished yet; on the contrary, it is the very first version and a lot of issues remain to be resolved. For instance, the majority of the CSS code is still rather dirty and experimental. Additionally, I want to include an image slideshow based on unslider.js. The template function in your theme would then look something like the following:

if ( ! function_exists( 'clearcontent_header_slider' )):
/*
 * This function includes a minimal jquery slideshow into the header of the site. It uses unslider.js in 
 * order to achieve this objective. Link to github site: https://github.com/idiot/unslider
 */
function clearcontent_header_slider() {
    ?>

    <div class="header-slideshow">
        <ul>
            <li style="background-image: url('<?php echo get_template_directory_uri() . '/pics/slideshow/1.png' ?>');"></li>
            <li style="background-image: url('<?php echo get_template_directory_uri() . '/pics/slideshow/2.png' ?>');"></li>
            <li style="background-image: url('<?php echo get_template_directory_uri() . '/pics/slideshow/3.png' ?>');"></li>
        </ul>
    </div>
    <script type="text/javascript">
        var $j = jQuery.noConflict();

        // Use jQuery via $j(...) instead …

Continue reading

Success

Posted on in Uncategorized • Tagged with Uncategorized • 4 min read

Have you ever wanted to know some strategies and hints on how to be more successful in your daily work?

Well, here I'll compile a list of thoughts and scenarios of effective working which worked for me or at least seem reasonable for my future working career.

To illustrate and give an example for every piece of wisdom, we use a job assignment I could find myself in: the fictional job requires a security audit of the employer's content management system, written in PHP. We have access to all sources, although the project is proprietary and under a restrictive license.

1. Develop broad general knowledge.

The curious reader would now ask: why the hell do we need proper general knowledge to scan a web application for programming errors which might weaken its security? Well, before you begin reading every line of code and do the formal, rather static part of your work, you had better put the context of your task into perspective with your general knowledge: Where do the people who wrote the application live? Which language do they speak? What exactly does the company which runs the CMS offer?

2. Work at least …


Continue reading