How to obscure a password

I'm doing a small program, in which the user will have the option to enter
his/her password every time, or just save it (to a file).

So, is there a module to obscure the password text in a secure way?

I can't hash it (with md5 or something), because I don't need to compare the
password the user enters with a previous one.

I need to restore the password later and use it as if the user just entered
it.

Thank you all!

Facundo Batista
Gestión de Red
fb******@unifon .com.ar
(54 11) 5130-4643
Cel: 15 5132 0132

Jul 18 '05 #1
Batista, Facundo:
> So, is there a module to obscure the password text in a secure way?

You can only obscure a password in an obscure way, not in a secure way.

> I can't hash it (with md5 or something), because I don't need to compare the
> password the user enters with a previous one.
>
> I need to restore the password later and use it as if the user just entered
> it.

I use rotor for that.
http://www.python.org/doc/current/lib/module-rotor.html

--
René Pijlman
Jul 18 '05 #2
"Batista, Facundo" wrote:

> I'm doing a small program, in which the user will have the option to enter
> his/her password every time, or just save it (to a file).
>
> So, is there a module to obscure the password text in a secure way?

No. Absolutely not.

> I can't hash it (with md5 or something), because I don't need to compare the
> password the user enters with a previous one.
>
> I need to restore the password later and use it as if the user just entered
> it.


Your design is probably fundamentally flawed in that case. Are you
certain it is not possible to store the hashed password and always
to compare against it?

The biggest concern I have with systems that allow retrieving the password,
even as an administrator, is that the users are generally not informed
that the administrator has full access to their passwords. Since
many people re-use their favourite passwords all over the place, they
are prone to using the same password that gets them into their online
banking system as they use for the little web-based community site (or
whatever it is) that you're setting up.

No matter how secure you make the front end (https, encrypting passwords
in Javascript, etc) if you store the unencrypted password anywhere, you
are doing your users a gross disservice. Don't do it! IMHO.

-Peter
Jul 18 '05 #3
Batista, Facundo wrote:
> I'm doing a small program, in which the user will have the option to enter
> his/her password every time, or just save it (to a file).
>
> So, is there a module to obscure the password text in a secure way?
>
> I can't hash it (with md5 or something), because I don't need to compare the
> password the user enters with a previous one.
>
> I need to restore the password later and use it as if the user just entered
> it.
>
> Thank you all!

Probably your best method is to install something like this -
http://www.amk.ca/python/code/crypto.html

and use AES or DES3 or similar to encrypt the passwords.
Of course you then have to keep the encryption key secure but that may
or may not be a problem for you.
Jul 18 '05 #4
John Burton:
> Batista, Facundo wrote:
>> I'm doing a small program, in which the user will have the option
>> to enter his/her password every time, or just save it (to a file).
>
> Probably your best method is to [...] use AES or DES3 or similar
> to encrypt the passwords. Of course you then have to keep the
> encryption key secure

No problem. Just ask the user to enter it every time :-)

--
René Pijlman
Jul 18 '05 #5
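
What posts #4 and #5 describe, put together as an added example (not code from the thread or from any library named in it): the saved password is encrypted under a key derived from a master passphrase the user types each time, so the file itself holds no key. HMAC-SHA256 in counter mode is a standard-library stand-in for the AES suggested in #4; the function names, iteration count and sample values are assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets

ITERATIONS = 200_000  # PBKDF2 work factor; assumed value for this example

def _keys(passphrase, salt):
    """Stretch the passphrase, then split into encryption and MAC keys."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in for AES-CTR)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(password, passphrase):
    """Return the JSON record to write to the password file."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _keys(passphrase, salt)
    ct = _xor_stream(enc_key, nonce, password.encode())
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    fields = {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}
    return json.dumps({name: value.hex() for name, value in fields.items()})

def unseal(record, passphrase):
    """Recover the password; ValueError on a wrong passphrase or an altered file."""
    f = {name: bytes.fromhex(value) for name, value in json.loads(record).items()}
    enc_key, mac_key = _keys(passphrase, f["salt"])
    expected = hmac.new(mac_key, f["salt"] + f["nonce"] + f["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, f["tag"]):  # check the tag before decrypting
        raise ValueError("wrong passphrase or modified file")
    return _xor_stream(enc_key, f["nonce"], f["ct"]).decode()

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    record = seal("s3rvice-pw-example", "master passphrase typed by the user")
    print(record)   # ciphertext has the password's length; pad first if that matters
    print(unseal(record, "master passphrase typed by the user"))
```

If the program has to start unattended, the passphrase must itself be stored somewhere, and the file is then only as protected as that storage.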
The only problem with using rotor is that, given the time, someone could
decrypt the password file by using the encrypted form and guessing the key.

"Rene Pijlman" wrote:
> Batista, Facundo:
>> So, is there a module to obscure the password text in a secure way?
>
> You can only obscure a password in an obscure way, not in a secure way.
>
>> I can't hash it (with md5 or something), because I don't need to compare the
>> password the user enters with a previous one.
>>
>> I need to restore the password later and use it as if the user just entered
>> it.
>
> I use rotor for that.
> http://www.python.org/doc/current/lib/module-rotor.html
>
> --
> René Pijlman

Jul 18 '05 #6
"Lucas Raab" <py*********@ho tmail.com> writes:
> The only problem with using rotor is that, given the time, someone could
> decrypt the password file by using the encrypted form and guessing
> the key.


Or they could just steal the key. As he said, you can only obscure a
password in an obscure way, not a secure way.

--
Christopher A. Craig <li*********@cc raig.org>
If you threw a glass of cold water on a liberal in the middle of a sound
sleep, he'd jerk awake denouncing the religious right -- Ann Coulter
Jul 18 '05 #7
