How to store passwords?

MRAB google at mrabarnett.plus.com
Wed Jan 7 23:00:12 CET 2009


Oltmans wrote:
> On Jan 8, 1:55 am, "Sebastian Bassi" <sba... at clubdelarazon.org> 
> wrote:
> 
>> In general you don't store the password, but a "hash" of it. Then 
>> when the user logs in, you hash it and compare the result with the
>> stored hash. About hash, use sha, look 
>> here: http://docs.python.org/library/hashlib.html#module-hashlib
> 
> But the thing is that I will ask the user for user name and password 
> only once i.e. when they start the application for the first time. 
> After that, I'm not supposed to ask the user name and password again.
> So in this scenario, if I store a hash on the disk I cannot retrieve
> plain-text string back from my hash as I've to send user name and 
> password to the server in plain-text.
> 
Is the application itself password-protected? If not, then there's no
point in encrypting the username and password for the server in a file
because anyone could just run the application after the first time and
use it to access the server.


