Fernet - SparTech Software

Fernet is a symmetric encryption method designed to provide both confidentiality and authenticity for data. It is implemented in the Python cryptography library and is widely used for securely encrypting and authenticating messages.

Key Features

• Symmetric Encryption: Fernet uses a single secret key for both encryption and decryption. This key must be kept secret; anyone with access to it can decrypt and forge messages.
• Authenticated Encryption: Fernet not only encrypts data but also ensures its integrity and authenticity. This means that encrypted messages cannot be tampered with or read without the key.
• AES Algorithm: It uses AES (Advanced Encryption Standard) in CBC (Cipher Block Chaining) mode with a 128-bit block size for encryption.
• HMAC for Authentication: Fernet uses HMAC (Hash-based Message Authentication Code) with SHA256 to authenticate the encrypted message, ensuring it has not been altered.
• Initialization Vector (IV): Each encryption operation uses a new, randomly generated IV to ensure security even if the same plaintext is encrypted multiple times.
• Timestamps: Fernet tokens include a timestamp, allowing for token expiration and limiting the validity period of encrypted data.
• Key Rotation: Fernet supports key rotation, allowing you to update keys without losing access to previously encrypted data.

How Fernet Works

1. Inputs: The main inputs are the plaintext message, a 256-bit (32-byte) secret key, and the current timestamp.
2. Encryption: The plaintext is padded (using PKCS #7), then encrypted with AES-CBC using the secret key and a random IV.
3. Authentication: An HMAC is computed over the version, timestamp, IV, and ciphertext to ensure integrity.
4. Token Creation: The encrypted data, IV, timestamp, and HMAC are combined and encoded as a Fernet token, which is URL-safe and can be transmitted over the web.

from cryptography.fernet import Fernet

key = Fernet.generate_key()      # Generate a new key
f = Fernet(key)
token = f.encrypt(b"my secret")  # Encrypt data
plaintext = f.decrypt(token)     # Decrypt data

Russia-based Banana Squad is hiding data-stealing malware in fake GitHub Python-based hacking tools.
Banana Squad, a threat actor group, has been running a sophisticated malware campaign by hiding data-stealing malware in fake GitHub repositories. These repositories were designed to look like legitimate Python-based hacking tools, tricking developers and users into downloading and running malicious code.

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC

Key Features

How Fernet Works

Related