If the only thing exposed was encrypted fernet tokens then there is no
way to determine the key used by those tokens short of a brute force
attack. Based on what you're describing users could potentially have
run a chosen plaintext attack as well, but Fernet's construction
(AES-CBC with random IV +
Hello to all devs, I'm using Fernet with Django to store some private
external data in a Regulators Website.
Recently, that data has been exposed in encrypted form by a mistake.
Each user saw some of their data in encrypted form in the configuration
view, and if it modified them, the filtered conte
