Password hash

Discussion in 'Python' started by Robert Montgomery, Dec 24, 2012.

  1. I am writing a script that will send an email using an account I set up
    in gmail. It is an smtp server using tls on port 587, and I would like
    to use a password hash in the (python) script for login rather than
    plain text. Is this do-able? Details please.
    Robert Montgomery, Dec 24, 2012
    #1
    1. Advertising

  2. On Monday, 24 December 2012 08:08:12 UTC+5:30, Robert Montgomery wrote:
    > I am writing a script that will send an email using an account I set up
    >
    > in gmail. It is an smtp server using tls on port 587, and I would like
    >
    > to use a password hash in the (python) script for login rather than
    >
    > plain text. Is this do-able? Details please.


    No. The password is encrypted with TLS I think so I believe you shouldn't worry much about security.
    Ramchandra Apte, Dec 26, 2012
    #2
    1. Advertising

  3. On Monday, 24 December 2012 08:08:12 UTC+5:30, Robert Montgomery wrote:
    > I am writing a script that will send an email using an account I set up
    >
    > in gmail. It is an smtp server using tls on port 587, and I would like
    >
    > to use a password hash in the (python) script for login rather than
    >
    > plain text. Is this do-able? Details please.


    No. The password is encrypted with TLS I think so I believe you shouldn't worry much about security.
    Ramchandra Apte, Dec 26, 2012
    #3
  4. Robert Montgomery

    Ian Kelly Guest

    On Tue, Dec 25, 2012 at 8:40 PM, Ramchandra Apte <> wrote:
    > On Monday, 24 December 2012 08:08:12 UTC+5:30, Robert Montgomery wrote:
    >> I am writing a script that will send an email using an account I set up
    >>
    >> in gmail. It is an smtp server using tls on port 587, and I would like
    >>
    >> to use a password hash in the (python) script for login rather than
    >>
    >> plain text. Is this do-able? Details please.

    >
    > No. The password is encrypted with TLS I think so I believe you shouldn't worry much about security.


    The smtplib module automatically uses CRAM-MD5 for authentication if
    it is available. If you wanted to use some other hashing scheme then
    I guess you would have to implement it yourself by overriding
    SMTP.login, or find another SMTP module that already supports it.

    The above comment about security is bad advice. Security is all about
    layers. Just because the data stream is already encrypted (read:
    decryptable) does not mean that password digests are a waste of time.
    In fact, the two techniques are usually considered complementary: the
    encryption process protects your application data, while the password
    hashing protects your authentication details.
    Ian Kelly, Dec 26, 2012
    #4
  5. On Sun, 23 Dec 2012 20:38:12 -0600, Robert Montgomery wrote:
    > I am writing a script that will send an email using an account I set up
    > in gmail. It is an smtp server using tls on port 587, and I would like
    > to use a password hash in the (python) script for login rather than
    > plain text. Is this do-able? Details please.


    No, *you* need to provide details. Security problems nearly always
    emerge from the details, so it's important to be as clear as possible
    about what you want to achieve and what the threat is.

    --
    To email me, substitute nowhere->spamcop, invalid->net.
    Peter Pearson, Dec 27, 2012
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. feng
    Replies:
    4
    Views:
    1,287
  2. AAaron123
    Replies:
    2
    Views:
    2,098
    AAaron123
    Jan 16, 2009
  3. AAaron123
    Replies:
    1
    Views:
    1,317
    Oriane
    Jan 16, 2009
  4. rp
    Replies:
    1
    Views:
    494
    red floyd
    Nov 10, 2011
  5. Srijayanth Sridhar
    Replies:
    19
    Views:
    596
    David A. Black
    Jul 2, 2008
Loading...

Share This Page