Common Python Crypto Pitfalls & Secure Patterns
Avoid hardcoded keys, ECB mode, non-constant-time compares, and more.
The Most Dangerous Crypto Mistakes
Cryptography is easy to use wrong. The most common Python pitfalls: hardcoded keys, ECB mode, non-constant-time comparisons, weak randomness, key/nonce reuse, and rolling your own crypto.
Pitfall 1: Hardcoded Keys
Never embed keys in source code. They end up in git history, logs, and error messages. Use environment variables or a KMS:
# WRONG
SECRET_KEY = b"my_secret_key_12" # visible in git!
# RIGHT
import os
SECRET_KEY = os.environb.get(b"SECRET_KEY") or os.urandom(32)
# Or load from KMS at startupAll lessons in this course
- Python cryptography Library Overview
- AES-GCM Encrypt & Decrypt in Python
- RSA & ECDSA Key Pairs in Python
- Common Python Crypto Pitfalls & Secure Patterns