Privy: An easy, fast lib to password-protect your data
ofekmeister at gmail.com
Thu Jul 6 02:53:35 EDT 2017
> The person spamming right now would be you. You just posted a link,
> without any explanations, any marketing blurbs, nothing.
I've explained everything as succinctly as I can in the readme. Pasting bits of it here would not benefit anyone.
> Why would I use your tool instead of something established, that has
> been properly audited — say, PGP for example?
Did you read the page? PGP and Privy are used for different things. A key manager could, though, use Privy to store private keys.
> How do I know your one-man project has no security holes, backdoors,
> or other vulnerabilities? How do I know that the encryption method
> chosen by you is sound? If there is no leaked data?
Privy is a thin wrapper around Cryptography's (OpenSSL) Fernet interface https://github.com/pyca/cryptography/blob/master/src/cryptography/fernet.py and https://github.com/hynek/argon2_cffi which is simply a binding to https://github.com/p-h-c/phc-winner-argon2
Privy itself is really just 40 SLOC https://github.com/ofek/privy/blob/a3d4bdb24464ad85606c1ab5e78c58ae489b0569/privy/core.py#L42-L82
> And I really dislike the description of your project ...
> What does “password-protecting” mean? Why is this not “encrypting”?
This is encryption, but specifically by means of a password. This paradigm is often tricky to get correct. https://security.stackexchange.com/questions/88984/encrypting-with-passwords-encryption-of-key-vs-data
> How do you expect this to work with API keys?
Encrypted keys would likely be stored in a DB somehow. Check out https://github.com/fugue/credstash
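
The pattern this message describes, a password stretched with Argon2 into a key for Fernet, as an added example that is not part of the original post and is not Privy's code. The function names, the `salt$token` layout and the cost parameters are assumptions made for illustration; it uses the `argon2-cffi` and `cryptography` packages linked above.

```python
import base64
import os

from argon2.low_level import Type, hash_secret_raw
from cryptography.fernet import Fernet, InvalidToken

# Assumed Argon2id cost parameters; tune them for the machine that decrypts.
TIME_COST = 3            # passes over memory
MEMORY_KIB = 64 * 1024   # 64 MiB
PARALLELISM = 4
SALT_LEN = 16


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into the 32-byte url-safe base64 key Fernet expects."""
    raw = hash_secret_raw(
        secret=password.encode("utf-8"), salt=salt,
        time_cost=TIME_COST, memory_cost=MEMORY_KIB,
        parallelism=PARALLELISM, hash_len=32, type=Type.ID,
    )
    return base64.urlsafe_b64encode(raw)


def protect(secret: bytes, password: str) -> bytes:
    """Encrypt under a fresh random salt; the salt is not secret and travels with the token."""
    salt = os.urandom(SALT_LEN)
    token = Fernet(derive_key(password, salt)).encrypt(secret)
    return base64.urlsafe_b64encode(salt) + b"$" + token


def reveal(blob: bytes, password: str) -> bytes:
    """Decrypt; raises InvalidToken on a wrong password or modified token."""
    salt_b64, token = blob.split(b"$", 1)
    salt = base64.urlsafe_b64decode(salt_b64)
    return Fernet(derive_key(password, salt)).decrypt(token)


def unlocks(blob: bytes, password: str) -> bool:
    """True only if the password authenticates and decrypts the blob."""
    try:
        reveal(blob, password)
        return True
    except (InvalidToken, ValueError):  # ValueError: blob lacks the salt$token shape
        return False
```

Fernet checks its HMAC before decrypting, so a wrong password is rejected outright instead of producing garbage plaintext.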