Encryption for a UUID1 string is slow

Question

Encryption for a UUID1 string is slow

Closed this issue 9 years ago · 4 comments

I used a short salt (3 characters) to encrypt a UUID string (34 characters). It takes about 500ms. That's not acceptable if I apply this library in a web route handler.

Answer 1 · 2016-01-06T10:31:34.000Z

(1) do you mean password? there is no salt in the simple-crypt API.

(2) a three character password is not secure.

(3) the reason that simple-crypt is slow is because it tries to make the encryption secure against bad passwords (each password guess will take 500ms).

for all these reasons, i suspect this is not the library for your task.

Answer 2 · 2016-01-06T14:15:58.000Z

(1) Yes. The password.
(2) Three characters is only example only.

I would like to use the library as a part of a booking confirmation via email. The password is a random string. The text is the booking id. The encrypted result is sent to booker via email. I would appreciate if you have an idea on which library I should use. But I'll give this library a try first due to the simple interface. 👍

Answer 3 · 2016-01-06T15:53:35.000Z

ok, so i guess the first question is why do you want to encrypt the booking ID? when i book things online they usually don't encrypt the booking ID.

maybe you need something that depends on the booking ID, but is hard to guess? if so, you might want to use a hash:

>>> from hashlib import sha256
>>> sha256("my booking id" + "a random value known only to my software").hexdigest()
'5a5f439efb053e2b3e2107f4c7a80c02599bb0a395efd79542f10ce59b7c6884'

Answer 4 · 2016-01-07T01:21:08.000Z

Yes, I want to create a hard-to-guess hash which depends on the booking ID. In my implementation, I do not store this hash (by design). Therefore hashing, because of its one-way algorithm, is inapplicable for me. Symmetrical encryption should fit better.
Anyways, thank you for your support. I'm closing this thread.