Password validation security issue
ian.g.kelly at gmail.com
Mon Mar 3 02:49:27 CET 2014
On Sun, Mar 2, 2014 at 4:10 PM, Renato <rvernucio at gmail.com> wrote:
> I would like to thank every one who posted a reply. I learnt a lot from you, guys! I appreciate your attention and your help :)
> I took a class on Computer Simulation last year. It was told that deterministic (pseudo-)random numbers are excellent for simulations, because they allow debugging and replication when using a seed(). But it was said that deterministic random numbers weren't indeed suitable for encryption and security issues in general. For this purpose, non-deterministc stochastic methods would be more indicated. I learnt a lot about deterministic random numbers generation in this course, like using Mersenne Twister algorithm, but I learnt nothing about encryption, since it wasn't in the scope of that course. Could you suggest some introductory material concerning encryption? I have an intermediate math background (calculus, linear algebra etc) and I'm willing to learn more about security matters.
> One last thing, about my original question. So, the only way of encapsulating a Python script content is to code a simple binary program to call it?
Another alternative would be to implement the script as a service that
runs under a separate account. All the user can directly access is a
client script that sends requests to the service, which does the
actual work and is effectively encapsulated.
I'll also reiterate what others have written about protecting
passwords. No matter how much you think you've locked down the
script, you shouldn't be storing plaintext passwords *anywhere*.
Remember that nothing that you code will ever be as secure as you
think it is.
More information about the Python-list