[Tutor] Python "password" securely hashed in script
Steven D'Aprano
steve at pearwood.info
Wed Apr 27 12:44:38 EDT 2016
On Wed, Apr 27, 2016 at 08:47:14AM -0400, Paul Smith wrote:
> So creating small programs that automate my day specifically logins, how
> can one "hash" or hide the user and pass items in the python script itself?
You can't, really.
For *low security* passwords, or a trusted environment, you may be able
to use a .netrc file to store the password. See the netrc module for
more information:
https://docs.python.org/2/library/netrc.html
https://docs.python.org/3/library/netrc.html
but remember, if the attacker has access to your account and can read
your files, she can read your .netrc file as well. The one advantage to
this scheme is that you can treat the .netrc file as the only secret
that needs protecting, and the python scripts as "low security" because
they contain no passwords.
You can't hash the passwords, because you cannot reverse a hash to get
the passwords back. Hashing is one-way.
--
Steve
More information about the Tutor
mailing list