General Password questions
Riccardo Attilio Galli
riquito at riquito.matrix
Tue Sep 23 18:02:37 CEST 2003
On Tue, 23 Sep 2003 09:28:49 -0400, Peter Hansen wrote:
> Riccardo Attilio Galli wrote:
>> What if I want to reload an entered password?
>> I wrote an e-mail client, and I haven't found a way to store the password
>> that a user enters the first time and use it when the program is restarted.
>> I don't want to ask the user for the account password every time, but I also
>> don't want to store it as plain text.
>> Do you know what the usual practice is in these cases?
> In a nutshell, this is the point: you never use the plaintext form of
> the password. As soon as it is entered, you convert it to a hash. You
> store the hash, and if a user later enters a password and you need to
> check it, you convert *it* to a hash and compare the hashes. Never,
> ever, store or compare plain text passwords. Does that help?
I think you have misunderstood me (mmm, I hope it sounds polite enough in
English). A user should never enter the password again. I know how hashes
work, and they're useful when I can compare an entered password with a
hash value, but here I need the user not to enter a password anymore
(after the first time).
The natural use of the program would be:
run the e-mail client for the first time
user enters his e-mail password
the client checks for new mails
user closes the client
user runs the e-mail client
the client checks for new mails WITHOUT asking for a password
user closes the client
I hope I was clearer. I think Richard got the point, with a "sad but true"
~@. ideralis Programs
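The two positions in this exchange, as an added example that is not part of the original post: the store-and-compare-hashes scheme works whenever the user types the password again, but a restarted client that kept only the hash has nothing the mail server will accept. PBKDF2 as the hash, `FakeMailServer`, `login_after_restart` and the sample password are assumptions made for the illustration; the server is assumed to expect the password itself, as POP3 USER/PASS does.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example


def make_record(password: str) -> dict:
    """Keep a salted hash of the password, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify(record: dict, candidate: str) -> bool:
    """Hash the newly entered password and compare the hashes."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(digest, record["digest"])


class FakeMailServer:
    """Hypothetical stand-in for the mail server: it has its own record and
    expects the client to present the password (assumption, as in POP3)."""

    def __init__(self, password: str):
        self._record = make_record(password)

    def login(self, presented: str) -> bool:
        return verify(self._record, presented)


def login_after_restart(server: FakeMailServer, client_record: dict) -> bool:
    """A restarted client holding only its hash record has just the digest
    to present, and the server does not accept that as the password."""
    return server.login(client_record["digest"].hex())


if __name__ == "__main__":
    password = "correct horse"             # constructed sample value
    server = FakeMailServer(password)
    client_record = make_record(password)  # all the client kept on disk
    print("user re-types password:", verify(client_record, password))
    print("wrong password:", verify(client_record, "guess"))
    print("unattended login, hash only:",
          login_after_restart(server, client_record))
```
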