Reputation: 16305
I've been looking for a way to use a password in an if statement. Obviously, if theRawInput == theCorrectPassword: is extremely non-secure. Any ideas? I've seen other questions with this topic, but they all suggest base64, which is also very non-secure (I cracked my own compiled script's password without using the password).
Upvotes: 3
Views: 198
Reputation: 288230
If the attacker has access to your password database, the only way to still hide the password is hashing it. Include a salt to prevent the attacker from relying on generic hash tables:
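import hashlib
salt = 'uphi8eiV'
# Stored digest: 64 hex characters, i.e. the length of a SHA-256 digest
hash = 'a7a2a98cc06f5b2935db5d2866670cc8b48116022e5bc30095b6167ddc2f3f96'
rawInput = input('Password: ')
# Hash salt + input (hashlib needs bytes) and compare with the stored digest
if hashlib.sha256((salt + rawInput).encode()).hexdigest() == hash:
    print('Correct password')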
Note that this will still not help against poorly chosen passwords. For these, make sure the attacker has no access to the password database. If you want potential attackers to be able to run your program, but not access some piece of data your program manipulates, you'll have to move that piece of data to a remote and secured server program which performs the authentication itself.
Upvotes: 6
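The salted-hash check from the answer above, as an added example that is not part of the original answer. It goes beyond the answer's single hash by using PBKDF2 (a deliberately slow key-derivation function) with a random per-password salt and a constant-time comparison. The function names, the record format and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your hardware.
PBKDF2_ITERATIONS = 600_000


def make_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'iterations$salt_hex$digest_hex' to store instead of the password."""
    salt = os.urandom(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def check_password(raw_input: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        iterations_s, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations_s)
        if iterations < 1:
            raise ValueError("iteration count must be positive")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", raw_input.encode("utf-8"), salt, iterations
        )
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    # compare_digest does not return early on the first differing byte
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: a real program creates the record once and stores it.
    stored = make_record("correct horse battery staple")
    attempt = input("Password: ")
    if check_password(attempt, stored):
        print("Correct password")
    else:
        print("Wrong password")
```

Only the record string is stored with the program; the slow derivation raises the cost of each guess but, as the answer notes, does not rescue a poorly chosen password.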