jazzband / django-fernet-encrypted-fields


Feature Request: Add support for rotating the salt #2

Closed StevenMapes closed 2 years ago

StevenMapes commented 2 years ago

It would be nice to be able to rotate the salt from time to time for increased security (longer salts). I've just added a PR #1 for this based on how django-fernet-fields.

My idea is to make the SALT_KEY a list where you can add new keys to the front of the list. If it's not a list then it's converted into one within the EncryptedFieldMixin for backward compatibility. Then the class properties that are currently there are moved to cached_property methods so that multiple keys could be built, and then the Fernet call is replaced by MultiFernet if more than one key is to be checked.

This allows older encrypted records to be read whilst new entries will be saved using the new key. This is useful as it allows people to load an object then save it in order to re-hash and encrypt the plain-text value.

This could be extended in the future to add a new settings.py entry to allow the kdf to be changed from PBKDF2HMAC to something else if required or, for now, just by extending the class and overloading the new keys method.

This is all based on https://github.com/orcasgit/django-fernet-fields which is a popular encryption field package but is no longer maintained.

StevenMapes commented 2 years ago

Closed as the PR was merged in, though I will make another PR shortly with the updated README
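
The rotation scheme proposed in this issue, as an added sketch that is not the package's code or the merged PR: one key is derived per salt, the first salt encrypts new values, and older salts stay readable through MultiFernet. It assumes the `cryptography` package is installed; the function names, secret, salts and iteration count are constructed for illustration.

```python
import base64

from cryptography.fernet import Fernet, InvalidToken, MultiFernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

SECRET_KEY = "constructed-secret-key"  # constructed stand-in for Django's SECRET_KEY
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch
PLAINTEXT = b"constructed sensitive value"


def derive_keys(salt_key, secret_key=SECRET_KEY):
    """One Fernet key per salt; a bare string is treated as a one-item list."""
    salts = salt_key if isinstance(salt_key, (list, tuple)) else [salt_key]
    keys = []
    for salt in salts:
        kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32,
                         salt=salt.encode("utf-8"), iterations=ITERATIONS)
        keys.append(base64.urlsafe_b64encode(kdf.derive(secret_key.encode("utf-8"))))
    return keys


def build_fernet(salt_key):
    """Fernet for one salt, MultiFernet (first salt encrypts) for several."""
    fernets = [Fernet(key) for key in derive_keys(salt_key)]
    return fernets[0] if len(fernets) == 1 else MultiFernet(fernets)


def rotation_demo():
    old_salt, new_salt = "old-salt", "new-longer-constructed-salt"
    legacy_token = build_fernet(old_salt).encrypt(PLAINTEXT)
    rotated = build_fernet([new_salt, old_salt])  # new salt added at the front
    new_only = build_fernet(new_salt)  # what remains once the old salt is dropped

    results = {"legacy_readable": rotated.decrypt(legacy_token) == PLAINTEXT}
    try:
        new_only.decrypt(legacy_token)
        results["legacy_needs_old_salt"] = False
    except InvalidToken:
        results["legacy_needs_old_salt"] = True

    # Equivalent of "load then save": re-encrypt under the first (newest) key.
    resaved = rotated.rotate(legacy_token)
    results["resaved_readable_with_new_salt_only"] = new_only.decrypt(resaved) == PLAINTEXT
    return results


if __name__ == "__main__":
    print(rotation_demo())
```

The `legacy_needs_old_salt` result is why the old salt has to stay in the list until every stored value has been re-saved.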