How to store passwords?

News123 news123 at free.fr
Wed Jan 7 18:26:17 EST 2009


Oltmans wrote:
> I'm writing a program in which I will ask users to enter user name and
> password once only. It's a console based program that will run on
> Windows XP. Actually, I'm trying to provide the similar functionality
> as "Remember me" thing in browsers. For that, I will need to store
> user name and passwords on the disk. I don't have a background in
> Crypto so how do you suggest I do that? What algorithms shall I be
> using? Moreover, I cannot use a whole library to do that due to
> certain issues. However, I can use like 1--2 files that will be
> shipped along with the main script. Any ideas? Any help will be really
> appreciated. Thanks.

If you have to store user name and password in order to send them at a
later time to another application, then there is really no point for
encryption.

If your script can read it, then anybody who can read your script (and
thus the encryption password) will be able to decrypt the username and
password.

One exception on linux: suid executables writing the password file with
restricted permissions, but then you rely on file system permissions and
not on passwords


ANother exception would be if
- you start your python script
- you enter a password interactively
- the user switches then over enters his username and password,
	which you encrypt with your interactive pwd

Lateron you could
- start your script
- enter your interactive password
- read the encrypted user name / passwords from a file and send them
over the network.



Perhaps it would be best if you explain EXACTLY, what you would like to
achieve and who trusts whom,  whom you want to hide the passwords from,
etc .



bye


N



More information about the Python-list mailing list