This project is a comprehensive exploration of cryptographic principles and their application in securing user data. Through a two-part implementation focusing on password storage and Password-Authenticated Key Exchange (PAKE) see here, this project demonstrates robust security practices in application development.
Requirement for the implementation: password storage. Think about it as you are building some application that has user system (username and password) and you need to store the password securely. You should implement your solution, taking into accounts all the attack scenarios we have discussed. Basically the grade will be scored according to how secure your implementation is. The implementation needs to be runnable, where I can enter my username and password for registration and logging in (the interface can be a web app, or terminal etc).
If you are using any cryptographic encryption implementation, you need to use google tink library (except for the hash functions). Implementation using other libraries does not count.
Warning
For running the project locally in an easier-to-debug manner, follow the order below. In the future, we will use Docker-compose for project execution. Respect the following order:
- docker compose up
docker compose up - terminal 2
flask run --host=0.0.0.0 --port=80
We use docker to run the application for simplicity. You can install docker from here.
- Download docker on your computer
- Download the release of the project
- Change the example.env to .env and fill in the environment variables. Then run the following command to start the application:
docker compose upAll the code is written in Python, and we will be using the following libraries:
- Flask
- PostgreSQL database
- Flask-Login
- Argon2
- Google Tink for all cryptographic operations.
graph LR
Front[Flask Frontend] <--> Server
Database[Postgres Database] <--> Server
Server[Flask Backend] --> Postgres[PostgreSQL database]
Server[Flask Backend] --> Flask-Login[Flask-Login]
Server[Flask Backend] --> Argon2[Argon2]
Server[Flask Backend] --> Tink[Google Tink]
Example of Sequence Diagram.
sequenceDiagram
participant U as User (Alice)
participant S as Server (Bob)
participant D as Database
Note over U,S: Registration Phase
U->>S: Hello I want to signup I'm Bob with password "1234"
S-->>S: Hash the password with salt
S-->>D: Store: hashed password & salt
S-->>S: Generate a session token
S-->>D: Store: session token
S-->>U: Welcome Bob | send the session token
Note over U,S: Login Phase
U->>S: Hello, I'm Bob with password "1234"
S-->>D: Retrieve: hashed password & salt
S-->>S: Hash the password with the retrieved salt
S-->>S: Compare the hashed password with the one in the database
S-->>D: Generate a session token
S-->>U: Welcome Bob | send the session token