Hiding token information from users

Steven D'Aprano steve+comp.lang.python at pearwood.info
Tue Aug 23 12:55:11 EDT 2011

Tobiah wrote:

> I really need some sort of
> algorithm that will let me take an unknown string and generate
> the encrypted bit on the fly.

Google broken for you? *wink*

Seriously, there are about a bazillion algorithms for encrypting and
obfuscating strings. Depending on your security requirements, that can be
as simple as rot13 and as complex as blowfish (or even more so).

If it helps, I have a module that implements a selection of classical (i.e.
insecure) encryption algorithms:


Earlier, you said:

> The secret is not like
> the key to Fort Knox.  We would rather not have the plain
> token out there, as it's internal business information,
> but we don't have to protect the information at all costs.
> Just making it really inconvenient to extract is fine.

I don't understand the point of this. What could your users do with the
plain token that they shouldn't? I don't see why, if it's not worth
encrypting properly, why it's worth obfuscating it at all.


More information about the Python-list mailing list