Commit graph

6 commits

Author SHA1 Message Date
Jon Parise
30db653f14 Upgrade to cryptography 2.3.1
This addresses CVE-2018-10903:

    A flaw was found in python-cryptography versions between >=1.9.0 and
    <2.3. The finalize_with_tag API did not enforce a minimum tag
    length. If a user did not validate the input length prior to passing
    it to finalize_with_tag an attacker could craft an invalid payload
    with a shortened tag (e.g. 1 byte) such that they would have a 1 in
    256 chance of passing the MAC check. GCM tag forgeries can cause key
    leakage.

... although snappass isn't affected because we don't use the
vulnerable `finalize_with_tag` API.
2018-10-31 09:39:18 -07:00
Samuel Dion-Girardeau
5981884cd2 Update all Python requirements to latest stable
All PyPI packages now have the latest version available.
2018-07-12 21:23:25 -04:00
Nicholas Charriere
75b6a6919f Make mock a requirement, not dev-requirement 2018-05-07 08:23:30 -07:00
Samuel Dion-Girardeau
dc6054f09c Encrypt passwords stored in Redis
Using symmetric encryption in `cryptography`'s `Fernet` class,
we can ensure that no one can snoop the passwords simply by having access
to the Redis store.

An encryption key is sent to the secret receiver, along with the 32 character
Redis key that identifies the secret, which is needed to decrypt the password.
2017-05-11 21:28:22 -04:00
Samuel Dion-Girardeau
a8401434cb Bump flask to 0.11.1
One of the main advantages is the easy debug mode,
with autoreload capabilities.

Several other fixes & features:
http://flask.pocoo.org/docs/0.11/changelog/#version-0-11
2016-08-22 20:32:22 -04:00
Dave Dash
eefe2bdc76 Prepare snappass for distribution. 2013-10-05 23:10:50 -07:00