Obfuscate strings in Python

Question

I have a password string that must be passed to a method. Everything works fine but I don't feel comfortable storing the password in clear text. Is there a way to obfuscate the string or to truly encrypt it? I'm aware that obfuscation can be reverse engineered, but I think I should at least try to cover up the password a bit. At the very least it wont be visible to a indexing program, or a stray eye giving a quick look at my code.

I am aware of pyobfuscate but I don't want the whole program obfuscated, just one string and possibly the whole line itself where the variable is defined.

Target platform is GNU Linux Generic (If that makes a difference)

Answer 1

If you just want to prevent casually glancing at a password, you may want to consider encoding/decoding the password to/from base64. It's not secure in the least, but the password won't be casually human/robot readable.

import base64
# Encode password (must be bytes type)
encoded_pw = base64.b64encode(raw_pw)

# Decode password (must be bytes type)
decoded_pw = base64.b64decode(encoded_pw)

Answer 2

The base64 answer is good for obfuscating the password and will work with no user intervention at the cost of being insecure. If the user can be logged in with access to a system keyring service, take a look at the keyring package. I used it to store passwords on both OS X and Linux systems.

Answer 3

Obviously your best option is to delegate this to a third party. If you can authenticate with whatever you're connecting to using some other credential (eg. the user account your process is running as), you can leave the permission levels up to the OS layer. Alternatively, if sufficiently important / possible you could prompt the user (storing the key in the (arguably) slightly less hackable wetware instead)

If you do need to store some password or key, I'd recommend you store it seperate from your code, in a file you read in, and de-obfusticate if neccessary. This has the advantages that:

• You can set the file permissions on the file as tight as possible (ie. only readable by the account your program runs as), unlike the rest of your program which may be read by more people.

• You won't accidently check it into your version control system!

• No need to be restricted to printable characters (or use awkward escaping) for a python string, so you can use an arbitrary keyfile if possible, rather than a human readable password. If it's non human-entered, there's no reason to have all the weaknesses of passwords.

To obfusticate, you can use base64 as suggested, or some home-brew scheme like XORing or decrypting with another key stored elsewhere, requiring both locations to be looked at. Be aware that this doesn't protect against anything beyond opportunistic shoulder surfing (if that) - make sure that there is some level of real security as well (including obvious ones like physical access to the machine!)

Answer 4

It depends alot on why you're keeping the password around, and where you feel there is a security issue.

If you're storing or matching this password to a database in the future:

This shouldn't really be a problem, but if you're concerned, use your database's password encryption early and store that ( SELECT PASSWORD('mySamplePassword'); ), then compare the encrypted version directly in your later query.

If you're saving it for later transmision:

There really isn't much you can do. The transmission itself is very likely to be easier to sniff than your handling of the password.

Without knowing a few more details of what you're doing, this is sortof hard to answer.

Answer 5

You should avoid storing the password in clear in the first place. That's the only "true" solution.

Now, you can encrypt the password easily with the hash module (md5 and similar modules in python 2.5 and below).

import hashlib
mypass = "yo"
a = hashlib.sha256(mypass).digest()

Answer 6

Many password-accepting protocols and facilities have a way to specify a keyfile rather than a password. That strategy will probably work here; rather than hard-coding a password, hard-code a filename (or better yet, make it a parameter!). You could even go as far as SSH and refuse to load keyfiles that aren't (1) owned by the current user (2) only readable by that user.