Password validation security issue

Renato rvernucio at gmail.com
Mon Mar 3 00:10:06 CET 2014


I would like to thank every one who posted a reply. I learnt a lot from you, guys! I appreciate your attention and your help :)

I took a class on Computer Simulation last year. It was told that deterministic (pseudo-)random numbers are excellent for simulations, because they allow debugging and replication when using a seed(). But it was said that deterministic random numbers weren't indeed suitable for encryption and security issues in general. For this purpose, non-deterministc stochastic methods would be more indicated. I learnt a lot about deterministic random numbers generation in this course, like using Mersenne Twister algorithm, but I learnt nothing about encryption, since it wasn't in the scope of that course. Could you suggest some introductory material concerning encryption? I have an intermediate math background (calculus, linear algebra etc) and I'm willing to learn more about security matters.

One last thing, about my original question. So, the only way of encapsulating a Python script content is to code a simple binary program to call it?

Regards,
Renato


Em sábado, 1 de março de 2014 14h49min49s UTC-3, Renato  escreveu:
> Hello everybody, I implemented a password validation with a Python 2.7.5 script in OpenSUSE 13.1. The user calls it passing 'login' and 'password' as arguments. I made a dictionary in the format hashtable = {'login':'password'} and I use this hash table to compare the 'login' and 'password' that were passed in order to validate them. The problem is that any user who can execute the script will be able to read it too (since it must be read by python's interpreter), and this is causing some security issues since any user can access all other users' passwords if he opens this script and reads the code.
> 
> 
> 
> My question is: is there a way of preventing the user from reading the script's content? Is there any strategy I could use to hide the passwords from the users?




More information about the Python-list mailing list