Encryption Recommendation

[rogerrath2]

Hello -

I'm still using Python 2.4. In my code, I want to encrypt a password
and at another point decrypt it. What is the standard way of doing
encryption in python? Is it the Pycrypto module?

Roger

 

[Diez B. Roggisch]

Hello -

I'm still using Python 2.4. In my code, I want to encrypt a password
and at another point decrypt it. What is the standard way of doing
encryption in python? Is it the Pycrypto module?

Usually, one doesn't store clear-text passwords. Instead, use a
hash-algorithm like md5 or crypt (the former is in the standard lib, don't
know of the other out of my head) and hash the password, and store that
hash.

If a user enters the password, use the same algorithm, and compare the
resulting hashes with the stored one.

Diez

 

[Tim Chase]

Usually, one doesn't store clear-text passwords. Instead, use a

hash-algorithm like md5 or crypt (the former is in the standard lib, don't
know of the other out of my head) and hash the password, and store that
hash.

Python offers md5, and SHA modules built-in. (yay, python!)

http://docs.python.org/lib/module-md5.html
http://docs.python.org/lib/module-sha.html

It does also offer access to the crypt() function on Unix-like
OS'es but not Win32:

http://docs.python.org/lib/module-crypt.html

but it's based on DES which is no longer considered particularly
secure. From what I've seen, even MD5 is being phased out in
favor of SHA.

If a user enters the password, use the same algorithm, and compare the
resulting hashes with the stored one.

Generally one adds a "salt" to the mix, a random piece of data
that's stored with the password, so that if two users use the
same password, the salt makes them the appear like different
passwords:

import sha
import string
from random import choice

SALT_CHAR_COUNT = 5
salt_chars = string.letters +
string.numbers +
string.punctuation

def is_valid(username, password):
correct_hash, salt = get_hash_and_salt(username)
test_hash = sha.new(salt + password).hexdigest()
return test_hash == correct_hash

def set_password(username, password):
salt = ''.join([random.choice(salt_chars)
for _ in xrange(SALT_CHAR_COUNT)])
hash = sha.new(salt + password)
save_user(username, salt, hash)

Implementing get_hash_and_salt() and save_user() (and perhaps
tweaking the desired set of salt_chars) are left as an exercise
to the reader, using whatever persistent storage mechanism suits.

-tkc

 

[Andreas Tawn]

I'm still using Python 2.4. In my code, I want to encrypt a password

Usually, one doesn't store clear-text passwords. Instead, use a
hash-algorithm like md5 or crypt (the former is in the standard lib, don't
know of the other out of my head) and hash the password, and store that
hash.

If a user enters the password, use the same algorithm, and compare the
resulting hashes with the stored one.

Have a look at the hashlib module. Should have everything you need.

There's a write up in a recent episode of Doug Hellmann's most excellent
"Python Module of the Week".

http://blog.doughellmann.com/2008/01/pymotw-hashlib.html

Cheers,

Drea

 

[Paul Rubin]

Usually, one doesn't store clear-text passwords. Instead, use a
hash-algorithm like md5 or crypt (the former is in the standard lib, don't
know of the other out of my head) and hash the password, and store that
hash.

Rather, use the HMAC module, with a secret key, to thwart dictionary
attacks against the hash.

 

[Michael Ströder]

Usually, one doesn't store clear-text passwords. Instead, use a
hash-algorithm like md5 or crypt (the former is in the standard lib, don't
know of the other out of my head) and hash the password, and store that
hash.

If a user enters the password, use the same algorithm, and compare the
resulting hashes with the stored one.

And don't forget to add a salt so that same passwords do not have the
same hash.

But if the password checking is done with a challenge-response mechanism
(e.g. HTTP-Digest Auth or SASL with DIGEST-MD5) it's required that the
instance checking the password has the clear-text password available. So
reversible encryption for storing passwords might be required.

Ciao, Michael.

 

[Paul Rubin]

But if the password checking is done with a challenge-response
mechanism (e.g. HTTP-Digest Auth or SASL with DIGEST-MD5) it's
required that the instance checking the password has the clear-text
password available. So reversible encryption for storing passwords
might be required.

If you're trying to authenticate network logins using passwords, and
if you have control over both ends of the protocol but for some reason
don't want to use a full-blown encryption scheme, it's far better to
authenticate with something like SRP (http://srp.stanford.edu) than a
more primitive method like HTTP digest auth. SRP doesn't require
storing plaintext passwords, and more importantly, it protects the
password from offline dictionary searches by someone sniffing the
network connection.

There is a Python SRP implementation embedded in TLSLite
(www.trevp.com/tlslite) but it might be nice to extract or reimplement
the SRP code so that it can be used separately from TLS.