Hello, World! Today well be looking at some implementation of encryption in a real world setting by building a password manager application. After learning some introduction to password salting and hashing and AES Encryption, I wanted a good project to give me some hands on experience working with the topics. The goal of this project is to give a guide so others can follow my steps at home if they would like to, all the resources used in this project are free, and it just requires a working computer. Well use python to create a script that saves and stores passwords using salting and AES Encryption. Lets get started!

What is Password Hashing / Salting & AES Encryption?

Password Hashing is a process where a password is converted into an encrypted unreadable text or string. Hashing only encrypts in one direction, meaning it cannot be reversed when calling back for the password, and it is impossible (or extremely difficult ) to retrieve the original password from the hash. Salting is a process that adds a random string to a password before it is hashed, which makes cracking passwords much harder.

AES Encryption is a symmetric key encryption algorithm that encrypts sensitive data, using the same key for encryption and decryption. AES also encrypts data into fixed size blocks, so things like password length are more obfuscated. In our password

Why are things like password hashing / salting and Encryption important for password storage? Confidentiality and Integrity are two major concepts in cybersecurity, and ensuring sensitive data is stored in secure measures is great practice. Encryption is a great way from preventing unauthorized users from accessing sensitive data. You may not be able to keep attackers from accessing your stored passwords, customer data, confidential information, etc. But adding in encryption means that even if the worst happens and bad actors do access this information, it will be extremely difficult to make any sense of it. Keeping this data secure while maintaining integrity is crucial, hashing and salting means we can achieve this as the password plaintext is never transmitted, only a hashed value, and is easily verifiable. These two forms of security might not be perfect for every use, but ensuring your sensitive data is confidential and easily accessible is a necessity in todays cybersecurity ecosystem.

Creating Script & Installing Prerequisites

Our first step today will be installing Python 3.0 or newer. You can find a link to install python below. Simply download the installer, and during installation be sure to check the small box on the bottom that links python to PATH.

After python is installed correctly, we can install some other python prerequisites that will help us use AES Encryption and Password Hashing / Salting. First well install Bcrypt, which is a password hashing function. It uses salting as well, and is very intensive and slower than some other alternatives, but as a result is very secure. Next, well install the cryptography library for AES Encryption. The cryptography library will import the algorithms necessary for AES Encryption and some other types as well. Simply open command prompt after Python is installed correctly and use the commands below to install each feature.

Bcrypt – pip install bcrypt

Cryptography – pip install cryptography

Next, we can create the library and file for our python script. Well need to create a file folder for our application, personally I created a file folder on my desktop named Password_Manager. Next, we can create a new text file for the script itself. I renamed my file to Password_Manager.py, the .py is important as it defines the script as a python script. Next well edit this script, to do so we can right click on the file and edit in notepad to begin typing in our code.

Building Python Script

Before we continue, Ill provide a link to a document containing all the code used in my python script. If you’d like to build this at home feel free to copy and paste this text into the python script and save, and you should have a working password manager! However coding this project forced me to refine some of my python skills and of course using the encryption and hashing/salting is new to me, so in this section Ill break down my code, explain why certain features are used, and explain how our passwords are being stored and manipulated by the application.

https://docs.google.com/document/d/1H8TJ9GTOCJ1Od-gxUyzoEEzwwnfz6-EnXAAfSFqTU-U/edit?usp=sharing

This project will involve the creation of two other files while the application is in use, one JSON file for storage of the password, and one key storage file. Well need to create some functions for the creation and editing of these files, but they are crucial to its function, so if you use this program at home, DONT DELETE THEM! Doing so is a surefire way to lose your stored passwords or keys used to encrypt them.

Our first step in creating the script is to import some libraries into our script using the import function.

Our script will have two sections, one where we define different functions for storage, encryption and hashing, and the other will consist of a main function that asks the user for input and gives responses. First, we define all our functions needed, then well build the main function after.

Next, well begin creating functions for hashing and salting. First, we can define a new function: hash_password. The function takes input for the password, and then we use gensalt() to generate a unique salt for each password input. Next, we use hashpw() to hash the password along with the salt that was generated. Finally return the hashed and salted value along with .decode() in order to store the data as a string.

Now well define a new function for password verification. This function compares the input password to the stored hash value to verify the input password is correct. checkpw() is the function doing the comparison, and it encodes the stored hash and the input password, comparing the two to verify.

Next, lets make a function for our encryption keys. First well generate a key file, and then we can use an if else statement to check if keys may already exist. Fernet.generate_key() will generate a random secure AES key. This function can now be used to generate or load in keys stored in our key file.

Now lets use this function to make an encrypt function. The function will use the data (in this case, the password) and the key generated. the fernet= fernet(key) creates a fernet object for encryption. Then, we encrypt using the fernet.encrypt(), inputting the JSON data and encoded into bytes using encode().

Well do the same next to make a decryption function. This function takes the encrypted data and key, creates a fernet object, and then decrypts JSON data using the fernet.decrypt function. It also decodes the bytes into string for this process using decode().

Now all we need to do is make a function for loading and saving passwords. First, well define our loading passwords function. The key is called, and we use an if statement to ensure the password file exists. Then, the function reads the encrypted data, and returns the decrypted stored password hash.

Now finally, a function to save and store passwords. The function inputs the passwords and key and uses the encrypt_data function from earlier to create the encrypted hash, then opens and writes to the JSON password storage file. After completed, it returns a success message.

Lets now build a function for adding and retrieving passwords: These functions both print text for context and ask the user for input, adding the password you enter the website or app along with desired password, and the passwords are hashed and encrypted, then saved. On the other hand when they are retrieved, the user inputs the desired website and if the password is stored, it verifies the input with the stored hash. Awesome, now we have all the functions necessary for encrypting/decrypting and hashing our passwords.

We can now begin building our main function, which will actually run our password manager and ask the user for input on what the desired action is. The main function loads the encryption key and password database, and gives the user a menu of options to select. Finally, the if __name statement at the end ensures the main function is only ran when the script is ran directly, avoiding our password manager from running automatically. Now our code is finally complete and we can move on to some use and testing of the password manager!

Use & Testing

The video below shows me testing and using the password manager, as well as showing the process of how the passwords are saved and key generation. As you can see, we are able to save passwords to the JSON file where they are easily retrieved at any time, and our AES Encryption and Password Hashing and Salting make it near impossible for bad actors to decrypt the saved passwords.

Summary

This project was great for enhancing my python skills and getting hands on experience with some encryption and cybersecurity fundamentals. Building a project that shows both confidentiality and integrity was also a great experience, and I like real world implementation of the CIA triad was a great help in my studies for the COMPTIA Security +. Managing and securing sensitive data is a huge part of any modern IT infrastructure, and building something functional while maintaining security standards was a great way for me to learn more about both of these concepts. If you have any questions on this article or would like to reach out, simply leave a comment below or you can reach me on my contact page. Thank you for reading!