[Tutor] Protecting username - password items in python3.3
Dave Angel
davea at davea.name
Fri Oct 11 04:22:19 CEST 2013
On 10/10/2013 19:30, Paul Smith wrote:
>
>
> <div dir="ltr">I am automating my email login to yahoo... I run my python script injecting username and password into the login fields... I run my own filters grab only the information I want... Not a new concept just a new twist I am working on... I need to keep the username and password info in my python code hashed or encrypted somehow without referencing an outside source or file. I don't care about the program being locked down, we intend on githubbing it eventually, I just need the ability to protect any username or password items written in the code. Is this possible? <div>
> <br></div><div>No one is out to get us or else they would already have us, lol. Ideas have consequences and though not nefarious it could be easily uglified um just think automated function married to a password cracker. I just know that I want to protect any and all information like real email addresses or passwords folks may use with our script. </div>
> <div><br></div><div>-Paul</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Oct 10, 2013 at 5:49 PM, Oscar Benjamin <span dir="ltr"><<a href="mailto:oscar.j.benjamin at gmail.com" target="_blank">oscar.j.benjamin at gmail.com</a>></span> wrote:<br>
> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 10 October 2013 22:28, Paul Smith <<a href="mailto:paulrsmith7777 at gmail.com">paulrsmith7777 at gmail.com</a>> wrote:<br>
>
Lots of words, not much clarity. You're writing a script, and you'll
allow anybody to read the script. But you don't want them to be able to
analyze the script to see what name and password are being used. How
about you encode it as the first letter of each token, and hope they
don't notice? Or maybe pig latin.
If the data is in the text file, and "they" can examine, modify and run
the text file, the data is totally insecure. So just don't show them
the script, and don't let them run it, and don't run it yourself unless
you're in a dark closet with no wires leaving the room.
What you seem to want could be cracked in half an hour if you do it in
Python. And in a day if you do it in C.
--
DaveA
More information about the Tutor
mailing list